<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/smb, branch master</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ksmbd: use the session dialect for rejected binding signatures</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T12:16:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f49bca41c12f9f79d39dbf0779d0c672d74b09fe'/>
<id>f49bca41c12f9f79d39dbf0779d0c672d74b09fe</id>
<content type='text'>
When an SMB3 session is referenced by a binding request on an SMB2.1
connection, the request is signed with the existing session's SMB3 signing
algorithm. ksmbd instead verifies it with the new connection's SMB2.1 HMAC
algorithm, so verification fails and the client receives
STATUS_ACCESS_DENIED instead of STATUS_REQUEST_NOT_ACCEPTED.

Select the signing verifier from the referenced session dialect. Permit a
signed SESSION_SETUP without an established channel to use the SMB3 session
signing key for verification. This is limited to SESSION_SETUP so other
unbound requests remain rejected.

The rejected response must use the same existing session algorithm. When an
SMB3 session is referenced on an SMB2.1 connection, sign the SESSION_SETUP
response with the SMB3 signing path rather than the connection's SMB2.1
path.

This fixes smb2.session.bind_negative_smb3to2s.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When an SMB3 session is referenced by a binding request on an SMB2.1
connection, the request is signed with the existing session's SMB3 signing
algorithm. ksmbd instead verifies it with the new connection's SMB2.1 HMAC
algorithm, so verification fails and the client receives
STATUS_ACCESS_DENIED instead of STATUS_REQUEST_NOT_ACCEPTED.

Select the signing verifier from the referenced session dialect. Permit a
signed SESSION_SETUP without an established channel to use the SMB3 session
signing key for verification. This is limited to SESSION_SETUP so other
unbound requests remain rejected.

The rejected response must use the same existing session algorithm. When an
SMB3 session is referenced on an SMB2.1 connection, sign the SESSION_SETUP
response with the SMB3 signing path rather than the connection's SMB2.1
path.

This fixes smb2.session.bind_negative_smb3to2s.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: mark rejected cross-dialect bindings as signed</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T11:40:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3e67423336f08a28e9efaac66e842210f9421484'/>
<id>3e67423336f08a28e9efaac66e842210f9421484</id>
<content type='text'>
Binding an SMB 2.1 session to an SMB 3.x connection is invalid because the
dialects do not match. ksmbd returns STATUS_INVALID_PARAMETER. The check
fails before attaching the referenced session to the request, so the error
response lacks SMB2_FLAGS_SIGNED.

A client requiring signing checks this flag before handling the status and
reports STATUS_ACCESS_DENIED instead of STATUS_INVALID_PARAMETER. Preserve
the signed flag for a signed binding request rejected with
STATUS_INVALID_PARAMETER. The client can then apply the special error path
without attempting to validate a response using incompatible signing
algorithms.

This fixes smb2.session.bind_negative_smb2to3s.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Binding an SMB 2.1 session to an SMB 3.x connection is invalid because the
dialects do not match. ksmbd returns STATUS_INVALID_PARAMETER. The check
fails before attaching the referenced session to the request, so the error
response lacks SMB2_FLAGS_SIGNED.

A client requiring signing checks this flag before handling the status and
reports STATUS_ACCESS_DENIED instead of STATUS_INVALID_PARAMETER. Preserve
the signed flag for a signed binding request rejected with
STATUS_INVALID_PARAMETER. The client can then apply the special error path
without attempting to validate a response using incompatible signing
algorithms.

This fixes smb2.session.bind_negative_smb2to3s.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: sign rejected SMB2.1 session binding responses</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T11:27:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1f12738b0ed7b89252271d71159c67e6349ef532'/>
<id>1f12738b0ed7b89252271d71159c67e6349ef532</id>
<content type='text'>
SMB2_SESSION_REQ_FLAG_BINDING is not supported before SMB 3.0. ksmbd maps
such a request to STATUS_REQUEST_NOT_ACCEPTED, but it rejects the request
without looking up the referenced session. The response is then sent
unsigned. A client requiring signing reports
STATUS_ACCESS_DENIED instead of the server status.

Look up the referenced session and verify the binding request with its
signing key. Keep the session reference only after successful verification
so the rejected response can be signed without providing a signing oracle.

A signed SESSION_SETUP without the binding flag can reference a session
that does not belong to the connection. Preserve SMB2_FLAGS_SIGNED on the
STATUS_USER_SESSION_DELETED response. Clients skip signature verification
for this status but still require the signed flag before propagating it.

Also restrict failed binding preauthentication cleanup to SMB 3.1.1, the
only dialect that initializes and uses that context.

This fixes smb2.session.bind_negative_smb210s.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
SMB2_SESSION_REQ_FLAG_BINDING is not supported before SMB 3.0. ksmbd maps
such a request to STATUS_REQUEST_NOT_ACCEPTED, but it rejects the request
without looking up the referenced session. The response is then sent
unsigned. A client requiring signing reports
STATUS_ACCESS_DENIED instead of the server status.

Look up the referenced session and verify the binding request with its
signing key. Keep the session reference only after successful verification
so the rejected response can be signed without providing a signing oracle.

A signed SESSION_SETUP without the binding flag can reference a session
that does not belong to the connection. Preserve SMB2_FLAGS_SIGNED on the
STATUS_USER_SESSION_DELETED response. Clients skip signature verification
for this status but still require the signed flag before propagating it.

Also restrict failed binding preauthentication cleanup to SMB 3.1.1, the
only dialect that initializes and uses that context.

This fixes smb2.session.bind_negative_smb210s.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: handle channel binding with a different user</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T11:07:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1c5daa2ea924be89d78b5525510bcf3a3eb9735c'/>
<id>1c5daa2ea924be89d78b5525510bcf3a3eb9735c</id>
<content type='text'>
When an authenticated user tries to bind a channel to a session owned by a
different user, ksmbd returns STATUS_LOGON_FAILURE. Windows instead rejects
this attempt with STATUS_ACCESS_DENIED. The supplied credentials are valid
but cannot be used with the existing session.

Use a distinct internal error for a user mismatch in both NTLM and Kerberos
authentication and map it to STATUS_ACCESS_DENIED during SESSION_SETUP.
Keep ordinary authentication failures mapped to STATUS_LOGON_FAILURE.

A failed SMB 3.1.1 binding also leaves its preauthentication context on the
connection. A subsequent binding attempt for the same session reuses the
stale hash and derives an incorrect channel signing key. Remove the binding
preauthentication context on failure so a valid retry starts with a fresh
hash.

This fixes smb2.session.bind_different_user.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When an authenticated user tries to bind a channel to a session owned by a
different user, ksmbd returns STATUS_LOGON_FAILURE. Windows instead rejects
this attempt with STATUS_ACCESS_DENIED. The supplied credentials are valid
but cannot be used with the existing session.

Use a distinct internal error for a user mismatch in both NTLM and Kerberos
authentication and map it to STATUS_ACCESS_DENIED during SESSION_SETUP.
Keep ordinary authentication failures mapped to STATUS_LOGON_FAILURE.

A failed SMB 3.1.1 binding also leaves its preauthentication context on the
connection. A subsequent binding attempt for the same session reuses the
stale hash and derives an incorrect channel signing key. Remove the binding
preauthentication context on failure so a valid retry starts with a fresh
hash.

This fixes smb2.session.bind_different_user.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: find bound sessions during reauthentication</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T10:50:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=faf8578c77f3d846aca9cd882c293e03eafcc6df'/>
<id>faf8578c77f3d846aca9cd882c293e03eafcc6df</id>
<content type='text'>
A session bound to an additional connection is stored in the session
channel list, but it is not added to that connection's local session table.
After the binding exchange completes, conn-&gt;binding is cleared.

A later SESSION_SETUP reauthentication on the bound channel only searches
the local session table. It fails to find the session and returns
STATUS_USER_SESSION_DELETED instead of processing authentication and
returning STATUS_LOGON_FAILURE for invalid credentials.

If the local lookup fails, look up the session globally and accept it only
when the current connection is registered in its channel list. This keeps
unbound connections from using the session while allowing reauthentication
on an established channel.

This fixes smb2.session.bind_invalid_auth.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
A session bound to an additional connection is stored in the session
channel list, but it is not added to that connection's local session table.
After the binding exchange completes, conn-&gt;binding is cleared.

A later SESSION_SETUP reauthentication on the bound channel only searches
the local session table. It fails to find the session and returns
STATUS_USER_SESSION_DELETED instead of processing authentication and
returning STATUS_LOGON_FAILURE for invalid credentials.

If the local lookup fails, look up the session globally and accept it only
when the current connection is registered in its channel list. This keeps
unbound connections from using the session while allowing reauthentication
on an established channel.

This fixes smb2.session.bind_invalid_auth.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: mark invalid session responses as signed</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T10:37:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9e8ad620ddfde5a5f4ef58372e3805e9388cb0f4'/>
<id>9e8ad620ddfde5a5f4ef58372e3805e9388cb0f4</id>
<content type='text'>
When a signed request uses a session that is not registered on the
connection, ksmbd returns STATUS_USER_SESSION_DELETED before reaching the
normal response signing path. The response therefore lacks
SMB2_FLAGS_SIGNED.

Clients that require signing check this flag before handling
STATUS_USER_SESSION_DELETED and replace the server status with
STATUS_ACCESS_DENIED when it is absent. The protocol permits this error
response to skip signature verification because the connection has no
matching session key.

Preserve SMB2_FLAGS_SIGNED on the early error response when the request was
signed. This lets the client propagate STATUS_USER_SESSION_DELETED.
It fixes smb2.session.bind2.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When a signed request uses a session that is not registered on the
connection, ksmbd returns STATUS_USER_SESSION_DELETED before reaching the
normal response signing path. The response therefore lacks
SMB2_FLAGS_SIGNED.

Clients that require signing check this flag before handling
STATUS_USER_SESSION_DELETED and replace the server status with
STATUS_ACCESS_DENIED when it is absent. The protocol permits this error
response to skip signature verification because the connection has no
matching session key.

Preserve SMB2_FLAGS_SIGNED on the early error response when the request was
signed. This lets the client propagate STATUS_USER_SESSION_DELETED.
It fixes smb2.session.bind2.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>smb/server: map SET_INFO ENOSPC to disk full</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Huiwen He</name>
<email>hehuiwen@kylinos.cn</email>
</author>
<published>2026-07-01T15:21:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=216c5aba4ebde1a6e85d7831c0cf39a9a2ad7a38'/>
<id>216c5aba4ebde1a6e85d7831c0cf39a9a2ad7a38</id>
<content type='text'>
FILE_ALLOCATION_INFORMATION can call vfs_fallocate(). If the allocation
cannot be satisfied, vfs_fallocate() returns -ENOSPC.

smb2_set_info() did not map -ENOSPC, so ksmbd returned a generic SMB error
and the client reported EIO instead of ENOSPC. This makes the ENOSPC step
in xfstests generic/213 fail.

Map -ENOSPC and -EFBIG to STATUS_DISK_FULL in the SET_INFO error path.

Tested with xfstests generic/213 on ksmbd.

Signed-off-by: Huiwen He &lt;hehuiwen@kylinos.cn&gt;
Reviewed-by: ChenXiaoSong &lt;chenxiaosong@kylinos.cn&gt;
Acked-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
FILE_ALLOCATION_INFORMATION can call vfs_fallocate(). If the allocation
cannot be satisfied, vfs_fallocate() returns -ENOSPC.

smb2_set_info() did not map -ENOSPC, so ksmbd returned a generic SMB error
and the client reported EIO instead of ENOSPC. This makes the ENOSPC step
in xfstests generic/213 fail.

Map -ENOSPC and -EFBIG to STATUS_DISK_FULL in the SET_INFO error path.

Tested with xfstests generic/213 on ksmbd.

Signed-off-by: Huiwen He &lt;hehuiwen@kylinos.cn&gt;
Reviewed-by: ChenXiaoSong &lt;chenxiaosong@kylinos.cn&gt;
Acked-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: coalesce sub-15ms write time updates on close</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-01T14:59:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a0b765030f6ba37aaac59618d4f39dac18d42757'/>
<id>a0b765030f6ba37aaac59618d4f39dac18d42757</id>
<content type='text'>
Windows reports automatic write-time updates with a resolution of roughly
15 milliseconds. If a file is written and closed within that interval, a
close response requesting full information can report the write time from
the open rather than the filesystem's finer-grained mtime update.

ksmbd currently converts the filesystem mtime directly in SMB2 CLOSE, so
even a sub-millisecond write is visible to the client. This makes
smb2.timestamp_resolution.resolution1 fail because the immediate write
changes LastWriteTime.

Save the write time returned by SMB2 CREATE in the file handle. When CLOSE
requests post-query attributes, coalesce a positive mtime change smaller
than 15 milliseconds to that saved value. Larger changes remain visible,
including the test's write after a 20 millisecond delay.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Windows reports automatic write-time updates with a resolution of roughly
15 milliseconds. If a file is written and closed within that interval, a
close response requesting full information can report the write time from
the open rather than the filesystem's finer-grained mtime update.

ksmbd currently converts the filesystem mtime directly in SMB2 CLOSE, so
even a sub-millisecond write is visible to the client. This makes
smb2.timestamp_resolution.resolution1 fail because the immediate write
changes LastWriteTime.

Save the write time returned by SMB2 CREATE in the file handle. When CLOSE
requests post-query attributes, coalesce a positive mtime change smaller
than 15 milliseconds to that saved value. Larger changes remain visible,
including the test's write after a 20 millisecond delay.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: fix multichannel binding and enforce channel limit</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-02T06:49:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4b706360ffb7e459cb3d3edae30b06a584f6eddd'/>
<id>4b706360ffb7e459cb3d3edae30b06a584f6eddd</id>
<content type='text'>
A signed multichannel SESSION_SETUP binding request can require multiple
authentication rounds. ksmbd excludes SESSION_SETUP from the signed
request check and tries to sign every binding response with the channel
signing key. The channel does not exist for
STATUS_MORE_PROCESSING_REQUIRED, so that response is sent unsigned.
Clients reject it with STATUS_ACCESS_DENIED.

The final channel signing key also needs the key exported by the binding
authentication context. Keep that key in the channel instead of
overwriting the established session key, and use the session signing key
for intermediate and failed binding responses. Retain the binding session
reference until an error response has been signed and sent.

Limit a session to 32 channels while holding the channel lock. Return
STATUS_INSUFFICIENT_RESOURCES for an additional binding, matching the
server limit expected by clients.

This fixes smb2.multichannel.generic.num_channels, which previously
failed the first binding with STATUS_ACCESS_DENIED and returned the same
status instead of STATUS_INSUFFICIENT_RESOURCES for channel 33.

Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel")
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
A signed multichannel SESSION_SETUP binding request can require multiple
authentication rounds. ksmbd excludes SESSION_SETUP from the signed
request check and tries to sign every binding response with the channel
signing key. The channel does not exist for
STATUS_MORE_PROCESSING_REQUIRED, so that response is sent unsigned.
Clients reject it with STATUS_ACCESS_DENIED.

The final channel signing key also needs the key exported by the binding
authentication context. Keep that key in the channel instead of
overwriting the established session key, and use the session signing key
for intermediate and failed binding responses. Retain the binding session
reference until an error response has been signed and sent.

Limit a session to 32 channels while holding the channel lock. Return
STATUS_INSUFFICIENT_RESOURCES for an additional binding, matching the
server limit expected by clients.

This fixes smb2.multichannel.generic.num_channels, which previously
failed the first binding with STATUS_ACCESS_DENIED and returned the same
status instead of STATUS_INSUFFICIENT_RESOURCES for channel 33.

Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel")
Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ksmbd: validate SID namespace before mapping IDs</title>
<updated>2026-07-06T12:55:41+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@kernel.org</email>
</author>
<published>2026-07-01T13:58:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fbe0bb2b75eb3c61e8464486506253d1b471240b'/>
<id>fbe0bb2b75eb3c61e8464486506253d1b471240b</id>
<content type='text'>
sid_to_id() currently treats the last subauthority of any owner or group
SID as a Unix uid or gid. For example, this maps Everyone (S-1-1-0) to
uid 0 and BUILTIN\Users (S-1-5-32-545) to gid 545.

When an SMB2 CREATE security descriptor contains those SIDs, ksmbd
attempts to change the newly created file to the bogus Unix ownership.
notify_change() then returns -EPERM, which makes smb2.create.aclfile fail
with NT_STATUS_SHARING_VIOLATION.

Validate the SID prefix before extracting its RID. Only server-domain
owner SIDs and S-1-22-2 Unix group SIDs have local ID representations.
Treat other valid Windows SIDs as unmapped so their original values can
still be preserved in the NT ACL xattr.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
sid_to_id() currently treats the last subauthority of any owner or group
SID as a Unix uid or gid. For example, this maps Everyone (S-1-1-0) to
uid 0 and BUILTIN\Users (S-1-5-32-545) to gid 545.

When an SMB2 CREATE security descriptor contains those SIDs, ksmbd
attempts to change the newly created file to the bogus Unix ownership.
notify_change() then returns -EPERM, which makes smb2.create.aclfile fail
with NT_STATUS_SHARING_VIOLATION.

Validate the SID prefix before extracting its RID. Only server-domain
owner SIDs and S-1-22-2 Unix group SIDs have local ID representations.
Treat other valid Windows SIDs as unmapped so their original values can
still be preserved in the NT ACL xattr.

Signed-off-by: Namjae Jeon &lt;linkinjeon@kernel.org&gt;
Signed-off-by: Steve French &lt;stfrench@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
