[lvc-project] [PATCH] smb: remove redundant DACL check in smb_check_perm_dacl
Fedor Pchelkin
pchelkin at ispras.ru
Sun Dec 7 18:29:04 MSK 2025
The subsystem prefix for fs/smb/server/smbacl.c is "ksmbd", not "smb".
On Sun, 07. Dec 01:59, Alexey Velichayshiy wrote:
> Problem Analysis:
> 1. Permanently false condition:
> The check `if (!pdacl->num_aces)` after the
> `FILE_MAXIMAL_ACCESS_LE` block can never execute because when
> `pdacl->num_aces == 0`, the function already jumps to `err_out`
> in the earlier DACL validation check that precedes it.
>
> 2. Logical contradiction:
> The code contains conflicting semantics for empty DACL handling:
> - First check (before FILE_MAXIMAL_ACCESS_LE block):
> Empty DACL → access denied → goto err_out.
> - Second check (after FILE_MAXIMAL_ACCESS_LE block):
> Empty DACL → grant GENERIC_ALL_FLAGS.
> This creates unreachable code and semantic inconsistency.
>
> Solution:
> Remove the unreachable code block as the most
> concise solution with no functional impact.
This is hard-to-read text with details that are unnecessary for understanding
the problem, really. Compare it, for example, with this statement of the problem
and a brief summary of the proposed fix:
A zero value of pdacl->num_aces is already handled at the start of
smb_check_perm_dacl() so the second check is useless.
Drop the unreachable code block, no functional impact intended.
And that's all :)
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Alexey Velichayshiy <a.velichayshiy at ispras.ru>
> ---
With the remarks above taken into account, I suggest sending it, thanks!
> fs/smb/server/smbacl.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/fs/smb/server/smbacl.c b/fs/smb/server/smbacl.c
> index 5aa7a66334d9..05598d994a68 100644
> --- a/fs/smb/server/smbacl.c
> +++ b/fs/smb/server/smbacl.c
> @@ -1307,9 +1307,6 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, const struct path *path,
> granted |= le32_to_cpu(ace->access_req);
> ace = (struct smb_ace *)((char *)ace + le16_to_cpu(ace->size));
> }
> -
> - if (!pdacl->num_aces)
> - granted = GENERIC_ALL_FLAGS;
> }
>
> if (!uid)
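Review bot: the deleted branch after the ACE loop (if (!pdacl->num_aces) granted = GENERIC_ALL_FLAGS;) was a grant-all fallback for an empty DACL, and the earlier num_aces check that makes it unreachable lies outside the lines shown in this hunk. The commit message should point to that earlier check concretely, for example by naming the commit that introduced it, so a reader can confirm that no path enters this block with num_aces == 0 and that denying access on an empty DACL is the intended single behaviour. The subject prefix should also be changed to ksmbd, as the reply points out.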
> --
> 2.43.0