+++ /dev/null
-From harshit.m.mogalapalli@oracle.com Sun Jan 28 09:13:27 2024
-From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
-Date: Sun, 28 Jan 2024 09:07:58 -0800
-Subject: cifs: fix off-by-one in SMB2_query_info_init()
-To: stable@vger.kernel.org
-Cc: kovalev@altlinux.org, --cc=abuehaze@amazon.com, smfrench@gmail.com, greg@kroah.com, linux-cifs@vger.kernel.org, keescook@chromium.org, darren.kenny@oracle.com, pc@manguebit.com, nspmangalore@gmail.com, vegard.nossum@oracle.com, Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
-Message-ID: <20240128170759.2432089-1-harshit.m.mogalapalli@oracle.com>
-
-From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
-
-Bug: After mounting the cifs fs, it complains with Resource temporarily
-unavailable messages.
-
-[root@vm1 xfstests-dev]# ./check -g quick -s smb3
-TEST_DEV=//<SERVER_IP>/TEST is mounted but not a type cifs filesystem
-[root@vm1 xfstests-dev]# df
-df: /mnt/test: Resource temporarily unavailable
-
-Paul's analysis of the bug:
-
- Bug is related to an off-by-one in smb2_set_next_command() when
- the client attempts to pad SMB2_QUERY_INFO request -- since it isn't
- 8 byte aligned -- even though smb2_query_info_compound() doesn't
- provide an extra iov for such padding.
-
- v5.15.y doesn't have
-
- eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")
-
- and the commit does
-
- if (unlikely(check_add_overflow(input_len, sizeof(*req), &len) ||
- len > CIFSMaxBufSize))
- return -EINVAL;
-
- so sizeof(*req) will wrongly include the extra byte from
- smb2_query_info_req::Buffer making @len unaligned and therefore causing
- OOB in smb2_set_next_command().
-
-Fixes: bfd18c0f570e4 ("smb: client: fix OOB in SMB2_query_info_init()")
-Suggested-by: Paulo Alcantara <pc@manguebit.com>
-Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/cifs/smb2pdu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -3448,7 +3448,7 @@ SMB2_query_info_init(struct cifs_tcon *t
-
- iov[0].iov_base = (char *)req;
- /* 1 for Buffer */
-- iov[0].iov_len = len;
-+ iov[0].iov_len = len - 1;
- return 0;
- }
-
--- /dev/null
+From fc4992458e0aa2d2e82a25c922e6ac36c2d91083 Mon Sep 17 00:00:00 2001
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Date: Thu, 29 Dec 2022 15:44:43 +0400
+Subject: fs/ntfs3: Add null pointer checks
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+commit fc4992458e0aa2d2e82a25c922e6ac36c2d91083 upstream.
+
+Added null pointer checks in function ntfs_security_init.
+Also added le32_to_cpu in functions ntfs_security_init and indx_read.
+
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Cc: "Doebel, Bjoern" <doebel@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ntfs3/fsntfs.c | 16 ++++++++++------
+ fs/ntfs3/index.c | 3 ++-
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+
+--- a/fs/ntfs3/fsntfs.c
++++ b/fs/ntfs3/fsntfs.c
+@@ -1872,10 +1872,12 @@ int ntfs_security_init(struct ntfs_sb_in
+ goto out;
+ }
+
+- root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
+- if (root_sdh->type != ATTR_ZERO ||
++ if(!(root_sdh = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
++ root_sdh->type != ATTR_ZERO ||
+ root_sdh->rule != NTFS_COLLATION_TYPE_SECURITY_HASH ||
+- offsetof(struct INDEX_ROOT, ihdr) + root_sdh->ihdr.used > attr->res.data_size) {
++ offsetof(struct INDEX_ROOT, ihdr) +
++ le32_to_cpu(root_sdh->ihdr.used) >
++ le32_to_cpu(attr->res.data_size)) {
+ err = -EINVAL;
+ goto out;
+ }
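Review bot: The bounds test `offsetof(struct INDEX_ROOT, ihdr) + le32_to_cpu(root_sdh->ihdr.used) > le32_to_cpu(attr->res.data_size)` adds an on-disk 32-bit value before comparing, so on builds where size_t is 32 bits a `used` close to U32_MAX could wrap the sum and pass the check. The same form appears in the root_sii hunk below and in the indx_read hunk in fs/ntfs3/index.c. Comparing without the addition avoids the wrap, e.g. `le32_to_cpu(root_sdh->ihdr.used) > le32_to_cpu(attr->res.data_size) - offsetof(struct INDEX_ROOT, ihdr)`, assuming resident_data_ex() returns non-NULL only when data_size covers sizeof(struct INDEX_ROOT) (its body is not shown here); check_add_overflow() is the alternative. Separately, `if(!(root_sdh = resident_data_ex(...)) ||` hides the assignment inside the condition; assigning on its own line and then testing `!root_sdh` is clearer and matches kernel style. ntfs_security_init starts and ends outside the hunk.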
+@@ -1891,10 +1893,12 @@ int ntfs_security_init(struct ntfs_sb_in
+ goto out;
+ }
+
+- root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT));
+- if (root_sii->type != ATTR_ZERO ||
++ if(!(root_sii = resident_data_ex(attr, sizeof(struct INDEX_ROOT))) ||
++ root_sii->type != ATTR_ZERO ||
+ root_sii->rule != NTFS_COLLATION_TYPE_UINT ||
+- offsetof(struct INDEX_ROOT, ihdr) + root_sii->ihdr.used > attr->res.data_size) {
++ offsetof(struct INDEX_ROOT, ihdr) +
++ le32_to_cpu(root_sii->ihdr.used) >
++ le32_to_cpu(attr->res.data_size)) {
+ err = -EINVAL;
+ goto out;
+ }
+--- a/fs/ntfs3/index.c
++++ b/fs/ntfs3/index.c
+@@ -1106,7 +1106,8 @@ ok:
+ }
+
+ /* check for index header length */
+- if (offsetof(struct INDEX_BUFFER, ihdr) + ib->ihdr.used > bytes) {
++ if (offsetof(struct INDEX_BUFFER, ihdr) + le32_to_cpu(ib->ihdr.used) >
++ bytes) {
+ err = -EINVAL;
+ goto out;
+ }
--- /dev/null
+From a9f31047baca57d47440c879cf259b86f900260c Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <florian.fainelli@broadcom.com>
+Date: Tue, 6 Jun 2023 14:43:47 -0700
+Subject: net: bcmgenet: Fix EEE implementation
+
+From: Florian Fainelli <florian.fainelli@broadcom.com>
+
+commit a9f31047baca57d47440c879cf259b86f900260c upstream.
+
+We had a number of short comings:
+
+- EEE must be re-evaluated whenever the state machine detects a link
+ change as wight be switching from a link partner with EEE
+ enabled/disabled
+
+- tx_lpi_enabled controls whether EEE should be enabled/disabled for the
+ transmit path, which applies to the TBUF block
+
+- We do not need to forcibly enable EEE upon system resume, as the PHY
+ state machine will trigger a link event that will do that, too
+
+Fixes: 6ef398ea60d9 ("net: bcmgenet: add EEE support")
+Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+Link: https://lore.kernel.org/r/20230606214348.2408018-1-florian.fainelli@broadcom.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+
+---
+ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 ++++++++--------------
+ drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 +++
+ drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 ++++++
+ 3 files changed, 17 insertions(+), 14 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+@@ -1248,7 +1248,8 @@ static void bcmgenet_get_ethtool_stats(s
+ }
+ }
+
+-static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable)
++void bcmgenet_eee_enable_set(struct net_device *dev, bool enable,
++ bool tx_lpi_enabled)
+ {
+ struct bcmgenet_priv *priv = netdev_priv(dev);
+ u32 off = priv->hw_params->tbuf_offset + TBUF_ENERGY_CTRL;
+@@ -1268,7 +1269,7 @@ static void bcmgenet_eee_enable_set(stru
+
+ /* Enable EEE and switch to a 27Mhz clock automatically */
+ reg = bcmgenet_readl(priv->base + off);
+- if (enable)
++ if (tx_lpi_enabled)
+ reg |= TBUF_EEE_EN | TBUF_PM_EN;
+ else
+ reg &= ~(TBUF_EEE_EN | TBUF_PM_EN);
+@@ -1289,6 +1290,7 @@ static void bcmgenet_eee_enable_set(stru
+
+ priv->eee.eee_enabled = enable;
+ priv->eee.eee_active = enable;
++ priv->eee.tx_lpi_enabled = tx_lpi_enabled;
+ }
+
+ static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e)
+@@ -1304,6 +1306,7 @@ static int bcmgenet_get_eee(struct net_d
+
+ e->eee_enabled = p->eee_enabled;
+ e->eee_active = p->eee_active;
++ e->tx_lpi_enabled = p->tx_lpi_enabled;
+ e->tx_lpi_timer = bcmgenet_umac_readl(priv, UMAC_EEE_LPI_TIMER);
+
+ return phy_ethtool_get_eee(dev->phydev, e);
+@@ -1313,7 +1316,6 @@ static int bcmgenet_set_eee(struct net_d
+ {
+ struct bcmgenet_priv *priv = netdev_priv(dev);
+ struct ethtool_eee *p = &priv->eee;
+- int ret = 0;
+
+ if (GENET_IS_V1(priv))
+ return -EOPNOTSUPP;
+@@ -1324,16 +1326,11 @@ static int bcmgenet_set_eee(struct net_d
+ p->eee_enabled = e->eee_enabled;
+
+ if (!p->eee_enabled) {
+- bcmgenet_eee_enable_set(dev, false);
++ bcmgenet_eee_enable_set(dev, false, false);
+ } else {
+- ret = phy_init_eee(dev->phydev, 0);
+- if (ret) {
+- netif_err(priv, hw, dev, "EEE initialization failed\n");
+- return ret;
+- }
+-
++ p->eee_active = phy_init_eee(dev->phydev, false) >= 0;
+ bcmgenet_umac_writel(priv, e->tx_lpi_timer, UMAC_EEE_LPI_TIMER);
+- bcmgenet_eee_enable_set(dev, true);
++ bcmgenet_eee_enable_set(dev, p->eee_active, e->tx_lpi_enabled);
+ }
+
+ return phy_ethtool_set_eee(dev->phydev, e);
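Review bot: The user's EEE setting appears to be overwritten by the negotiation result: `p->eee_enabled = e->eee_enabled` is followed by `bcmgenet_eee_enable_set(dev, p->eee_active, e->tx_lpi_enabled)`, and that helper stores its `enable` argument into `priv->eee.eee_enabled` (context line in the earlier hunk). The new call in the bcmgenet_mii_setup hunk in bcmmii.c passes `priv->eee.eee_enabled && priv->eee.eee_active`, so once a link partner without EEE clears the flag, later link-ups would seemingly keep it cleared. If that is not intended, dropping the `priv->eee.eee_enabled = enable;` store from the helper would keep eee_enabled as the configured value and eee_active as the negotiated one. This hunk also removes the `netif_err()` on phy_init_eee() failure, so a failed initialisation is now silent; a debug-level message would keep it diagnosable. Parts of bcmgenet_eee_enable_set and bcmgenet_set_eee lie outside the hunks shown.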
+@@ -4219,9 +4216,6 @@ static int bcmgenet_resume(struct device
+ if (!device_may_wakeup(d))
+ phy_resume(dev->phydev);
+
+- if (priv->eee.eee_enabled)
+- bcmgenet_eee_enable_set(dev, true);
+-
+ bcmgenet_netif_start(dev);
+
+ netif_device_attach(dev);
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h
+@@ -701,4 +701,7 @@ int bcmgenet_wol_power_down_cfg(struct b
+ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv,
+ enum bcmgenet_power_mode mode);
+
++void bcmgenet_eee_enable_set(struct net_device *dev, bool enable,
++ bool tx_lpi_enabled);
++
+ #endif /* __BCMGENET_H__ */
+--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
+@@ -25,6 +25,7 @@
+
+ #include "bcmgenet.h"
+
++
+ /* setup netdev link state when PHY link status change and
+ * update UMAC and RGMII block when link up
+ */
+@@ -102,6 +103,11 @@ void bcmgenet_mii_setup(struct net_devic
+ reg |= CMD_TX_EN | CMD_RX_EN;
+ }
+ bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++
++ priv->eee.eee_active = phy_init_eee(phydev, 0) >= 0;
++ bcmgenet_eee_enable_set(dev,
++ priv->eee.eee_enabled && priv->eee.eee_active,
++ priv->eee.tx_lpi_enabled);
+ } else {
+ /* done if nothing has changed */
+ if (!status_changed)
--- /dev/null
+From samasth.norway.ananda@oracle.com Wed Feb 21 11:58:49 2024
+From: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
+Date: Fri, 2 Feb 2024 17:12:28 -0800
+Subject: Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack"
+To: stable@vger.kernel.org
+Cc: jakub@cloudflare.com, daniel@iogearbox.net, samasth.norway.ananda@oracle.com, alan.maguire@oracle.com
+Message-ID: <20240203011229.3326803-1-samasth.norway.ananda@oracle.com>
+
+From: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
+
+This reverts commit 3eefb2fbf4ec1c1ff239b8b65e6e78aae335e4a6.
+
+libbpf support for "tc" progs doesn't exist for the linux-5.15.y tree.
+This commit was backported too far back in upstream, to a kernel where
+the libbpf support was not there for the test.
+
+Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/bpf/prog_tests/tailcalls.c | 55 ------------------
+ tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c | 42 -------------
+ 2 files changed, 97 deletions(-)
+ delete mode 100644 tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c
+
+--- a/tools/testing/selftests/bpf/prog_tests/tailcalls.c
++++ b/tools/testing/selftests/bpf/prog_tests/tailcalls.c
+@@ -810,59 +810,6 @@ out:
+ bpf_object__close(obj);
+ }
+
+-#include "tailcall_bpf2bpf6.skel.h"
+-
+-/* Tail call counting works even when there is data on stack which is
+- * not aligned to 8 bytes.
+- */
+-static void test_tailcall_bpf2bpf_6(void)
+-{
+- struct tailcall_bpf2bpf6 *obj;
+- int err, map_fd, prog_fd, main_fd, data_fd, i, val;
+- LIBBPF_OPTS(bpf_test_run_opts, topts,
+- .data_in = &pkt_v4,
+- .data_size_in = sizeof(pkt_v4),
+- .repeat = 1,
+- );
+-
+- obj = tailcall_bpf2bpf6__open_and_load();
+- if (!ASSERT_OK_PTR(obj, "open and load"))
+- return;
+-
+- main_fd = bpf_program__fd(obj->progs.entry);
+- if (!ASSERT_GE(main_fd, 0, "entry prog fd"))
+- goto out;
+-
+- map_fd = bpf_map__fd(obj->maps.jmp_table);
+- if (!ASSERT_GE(map_fd, 0, "jmp_table map fd"))
+- goto out;
+-
+- prog_fd = bpf_program__fd(obj->progs.classifier_0);
+- if (!ASSERT_GE(prog_fd, 0, "classifier_0 prog fd"))
+- goto out;
+-
+- i = 0;
+- err = bpf_map_update_elem(map_fd, &i, &prog_fd, BPF_ANY);
+- if (!ASSERT_OK(err, "jmp_table map update"))
+- goto out;
+-
+- err = bpf_prog_test_run_opts(main_fd, &topts);
+- ASSERT_OK(err, "entry prog test run");
+- ASSERT_EQ(topts.retval, 0, "tailcall retval");
+-
+- data_fd = bpf_map__fd(obj->maps.bss);
+- if (!ASSERT_GE(data_fd, 0, "bss map fd"))
+- goto out;
+-
+- i = 0;
+- err = bpf_map_lookup_elem(data_fd, &i, &val);
+- ASSERT_OK(err, "bss map lookup");
+- ASSERT_EQ(val, 1, "done flag is set");
+-
+-out:
+- tailcall_bpf2bpf6__destroy(obj);
+-}
+-
+ void test_tailcalls(void)
+ {
+ if (test__start_subtest("tailcall_1"))
+@@ -885,6 +832,4 @@ void test_tailcalls(void)
+ test_tailcall_bpf2bpf_4(false);
+ if (test__start_subtest("tailcall_bpf2bpf_5"))
+ test_tailcall_bpf2bpf_4(true);
+- if (test__start_subtest("tailcall_bpf2bpf_6"))
+- test_tailcall_bpf2bpf_6();
+ }
+--- a/tools/testing/selftests/bpf/progs/tailcall_bpf2bpf6.c
++++ /dev/null
+@@ -1,42 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0
+-#include <linux/bpf.h>
+-#include <bpf/bpf_helpers.h>
+-
+-#define __unused __attribute__((unused))
+-
+-struct {
+- __uint(type, BPF_MAP_TYPE_PROG_ARRAY);
+- __uint(max_entries, 1);
+- __uint(key_size, sizeof(__u32));
+- __uint(value_size, sizeof(__u32));
+-} jmp_table SEC(".maps");
+-
+-int done = 0;
+-
+-SEC("tc")
+-int classifier_0(struct __sk_buff *skb __unused)
+-{
+- done = 1;
+- return 0;
+-}
+-
+-static __noinline
+-int subprog_tail(struct __sk_buff *skb)
+-{
+- /* Don't propagate the constant to the caller */
+- volatile int ret = 1;
+-
+- bpf_tail_call_static(skb, &jmp_table, 0);
+- return ret;
+-}
+-
+-SEC("tc")
+-int entry(struct __sk_buff *skb)
+-{
+- /* Have data on stack which size is not a multiple of 8 */
+- volatile char arr[1] = {};
+-
+- return subprog_tail(skb);
+-}
+-
+-char __license[] SEC("license") = "GPL";
drm-bridge-nxp-ptn3460-fix-i2c_master_send-error-checking.patch
drm-tidss-fix-atomic_flush-check.patch
drm-bridge-nxp-ptn3460-simplify-some-error-checking.patch
-cifs-fix-off-by-one-in-smb2_query_info_init.patch
pm-core-remove-unnecessary-void-conversions.patch
pm-sleep-fix-possible-deadlocks-in-core-system-wide-.patch
bus-mhi-host-rename-struct-mhi_tre-to-struct-mhi_rin.patch
arm64-subscribe-microsoft-azure-cobalt-100-to-arm-neoverse-n2-errata.patch
pm-runtime-have-devm_pm_runtime_enable-handle-pm_runtime_dont_use_autosuspend.patch
drm-msm-dsi-enable-runtime-pm.patch
+revert-selftests-bpf-test-tail-call-counting-with-bpf2bpf-and-data-on-stack.patch
+net-bcmgenet-fix-eee-implementation.patch
+fs-ntfs3-add-null-pointer-checks.patch
+smb3-replace-smb2pdu-1-element-arrays-with-flex-arrays.patch
--- /dev/null
+From eb3e28c1e89b4984308777231887e41aa8a0151f Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 17 Feb 2023 16:24:40 -0800
+Subject: smb3: Replace smb2pdu 1-element arrays with flex-arrays
+
+From: Kees Cook <keescook@chromium.org>
+
+commit eb3e28c1e89b4984308777231887e41aa8a0151f upstream.
+
+The kernel is globally removing the ambiguous 0-length and 1-element
+arrays in favor of flexible arrays, so that we can gain both compile-time
+and run-time array bounds checking[1].
+
+Replace the trailing 1-element array with a flexible array in the
+following structures:
+
+ struct smb2_err_rsp
+ struct smb2_tree_connect_req
+ struct smb2_negotiate_rsp
+ struct smb2_sess_setup_req
+ struct smb2_sess_setup_rsp
+ struct smb2_read_req
+ struct smb2_read_rsp
+ struct smb2_write_req
+ struct smb2_write_rsp
+ struct smb2_query_directory_req
+ struct smb2_query_directory_rsp
+ struct smb2_set_info_req
+ struct smb2_change_notify_rsp
+ struct smb2_create_rsp
+ struct smb2_query_info_req
+ struct smb2_query_info_rsp
+
+Replace the trailing 1-element array with a flexible array, but leave
+the existing structure padding:
+
+ struct smb2_file_all_info
+ struct smb2_lock_req
+
+Adjust all related size calculations to match the changes to sizeof().
+
+No machine code output or .data section differences are produced after
+these changes.
+
+[1] For lots of details, see both:
+ https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrays
+ https://people.kernel.org/kees/bounded-flexible-arrays-in-c
+
+Cc: Steve French <sfrench@samba.org>
+Cc: Paulo Alcantara <pc@cjr.nz>
+Cc: Ronnie Sahlberg <lsahlber@redhat.com>
+Cc: Shyam Prasad N <sprasad@microsoft.com>
+Cc: Tom Talpey <tom@talpey.com>
+Cc: Namjae Jeon <linkinjeon@kernel.org>
+Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
+Cc: linux-cifs@vger.kernel.org
+Cc: samba-technical@lists.samba.org
+Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2misc.c | 2 +-
+ fs/cifs/smb2ops.c | 14 +++++++-------
+ fs/cifs/smb2pdu.c | 13 ++++++-------
+ fs/cifs/smb2pdu.h | 42 ++++++++++++++++++++++++------------------
+ 4 files changed, 38 insertions(+), 33 deletions(-)
+
+--- a/fs/cifs/smb2misc.c
++++ b/fs/cifs/smb2misc.c
+@@ -113,7 +113,7 @@ static __u32 get_neg_ctxt_len(struct smb
+ } else if (nc_offset + 1 == non_ctxlen) {
+ cifs_dbg(FYI, "no SPNEGO security blob in negprot rsp\n");
+ size_of_pad_before_neg_ctxts = 0;
+- } else if (non_ctxlen == SMB311_NEGPROT_BASE_SIZE)
++ } else if (non_ctxlen == SMB311_NEGPROT_BASE_SIZE + 1)
+ /* has padding, but no SPNEGO blob */
+ size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen + 1;
+ else
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -5826,7 +5826,7 @@ struct smb_version_values smb20_values =
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+@@ -5848,7 +5848,7 @@ struct smb_version_values smb21_values =
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+@@ -5869,7 +5869,7 @@ struct smb_version_values smb3any_values
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+@@ -5890,7 +5890,7 @@ struct smb_version_values smbdefault_val
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+@@ -5911,7 +5911,7 @@ struct smb_version_values smb30_values =
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+@@ -5932,7 +5932,7 @@ struct smb_version_values smb302_values
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+@@ -5953,7 +5953,7 @@ struct smb_version_values smb311_values
+ .header_size = sizeof(struct smb2_sync_hdr),
+ .header_preamble_size = 0,
+ .max_header_size = MAX_SMB2_HDR_SIZE,
+- .read_rsp_size = sizeof(struct smb2_read_rsp) - 1,
++ .read_rsp_size = sizeof(struct smb2_read_rsp),
+ .lock_cmd = SMB2_LOCK,
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1327,7 +1327,7 @@ SMB2_sess_sendreceive(struct SMB2_sess_d
+
+ /* Testing shows that buffer offset must be at location of Buffer[0] */
+ req->SecurityBufferOffset =
+- cpu_to_le16(sizeof(struct smb2_sess_setup_req) - 1 /* pad */);
++ cpu_to_le16(sizeof(struct smb2_sess_setup_req));
+ req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);
+
+ memset(&rqst, 0, sizeof(struct smb_rqst));
+@@ -1826,8 +1826,7 @@ SMB2_tcon(const unsigned int xid, struct
+ iov[0].iov_len = total_len - 1;
+
+ /* Testing shows that buffer offset must be at location of Buffer[0] */
+- req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)
+- - 1 /* pad */);
++ req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req));
+ req->PathLength = cpu_to_le16(unc_path_len - 2);
+ iov[1].iov_base = unc_path;
+ iov[1].iov_len = unc_path_len;
+@@ -4748,7 +4747,7 @@ int SMB2_query_directory_init(const unsi
+ memcpy(bufptr, &asteriks, len);
+
+ req->FileNameOffset =
+- cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1);
++ cpu_to_le16(sizeof(struct smb2_query_directory_req));
+ req->FileNameLength = cpu_to_le16(len);
+ /*
+ * BB could be 30 bytes or so longer if we used SMB2 specific
+@@ -4945,7 +4944,7 @@ SMB2_set_info_init(struct cifs_tcon *tco
+ req->AdditionalInformation = cpu_to_le32(additional_info);
+
+ req->BufferOffset =
+- cpu_to_le16(sizeof(struct smb2_set_info_req) - 1);
++ cpu_to_le16(sizeof(struct smb2_set_info_req));
+ req->BufferLength = cpu_to_le32(*size);
+
+ memcpy(req->Buffer, *data, *size);
+@@ -5177,9 +5176,9 @@ build_qfs_info_req(struct kvec *iov, str
+ req->VolatileFileId = volatile_fid;
+ /* 1 for pad */
+ req->InputBufferOffset =
+- cpu_to_le16(sizeof(struct smb2_query_info_req) - 1);
++ cpu_to_le16(sizeof(struct smb2_query_info_req));
+ req->OutputBufferLength = cpu_to_le32(
+- outbuf_len + sizeof(struct smb2_query_info_rsp) - 1);
++ outbuf_len + sizeof(struct smb2_query_info_rsp));
+
+ iov->iov_base = (char *)req;
+ iov->iov_len = total_len;
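Review bot: The retained comment `/* 1 for pad */` above `req->InputBufferOffset` no longer matches the code, because the `- 1` it explained is removed in this hunk. I would drop it or replace it with `/* Buffer[] is a flexible array, so sizeof() is already the offset of Buffer[0] */`. build_qfs_info_req starts and ends outside the hunk.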
+--- a/fs/cifs/smb2pdu.h
++++ b/fs/cifs/smb2pdu.h
+@@ -218,7 +218,7 @@ struct smb2_err_rsp {
+ __le16 StructureSize;
+ __le16 Reserved; /* MBZ */
+ __le32 ByteCount; /* even if zero, at least one byte follows */
+- __u8 ErrorData[1]; /* variable length */
++ __u8 ErrorData[]; /* variable length */
+ } __packed;
+
+ #define SYMLINK_ERROR_TAG 0x4c4d5953
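Review bot: Each conversion in this header makes sizeof() of the struct one byte smaller, but the .c hunks in this patch adjust size arithmetic only for a subset (read_rsp, sess_setup_req, tree_connect_req, query_directory_req, set_info_req, query_info_req/rsp, plus the SMB311_NEGPROT_BASE_SIZE comparison). No adjustment is visible for, e.g., smb2_err_rsp, smb2_create_rsp, smb2_write_req/rsp, smb2_read_plain_req or smb2_change_notify_rsp. In a backport, any remaining sizeof() of these structs in a length or offset check on server-supplied data would shift by one byte, so the users in the target tree should be re-audited rather than relying on the upstream "no machine code output" result. For smb2_err_rsp in particular, the ByteCount comment says at least one byte always follows, which sizeof() no longer counts; I would note that on the field, e.g. `__u8 ErrorData[]; /* variable length; first byte not counted by sizeof() */`.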
+@@ -487,7 +487,7 @@ struct smb2_negotiate_rsp {
+ __le16 SecurityBufferOffset;
+ __le16 SecurityBufferLength;
+ __le32 NegotiateContextOffset; /* Pre:SMB3.1.1 was reserved/ignored */
+- __u8 Buffer[1]; /* variable length GSS security buffer */
++ __u8 Buffer[]; /* variable length GSS security buffer */
+ } __packed;
+
+ /* Flags */
+@@ -504,7 +504,7 @@ struct smb2_sess_setup_req {
+ __le16 SecurityBufferOffset;
+ __le16 SecurityBufferLength;
+ __u64 PreviousSessionId;
+- __u8 Buffer[1]; /* variable length GSS security buffer */
++ __u8 Buffer[]; /* variable length GSS security buffer */
+ } __packed;
+
+ /* Currently defined SessionFlags */
+@@ -517,7 +517,7 @@ struct smb2_sess_setup_rsp {
+ __le16 SessionFlags;
+ __le16 SecurityBufferOffset;
+ __le16 SecurityBufferLength;
+- __u8 Buffer[1]; /* variable length GSS security buffer */
++ __u8 Buffer[]; /* variable length GSS security buffer */
+ } __packed;
+
+ struct smb2_logoff_req {
+@@ -543,7 +543,7 @@ struct smb2_tree_connect_req {
+ __le16 Flags; /* Reserved MBZ for dialects prior to SMB3.1.1 */
+ __le16 PathOffset;
+ __le16 PathLength;
+- __u8 Buffer[1]; /* variable length */
++ __u8 Buffer[]; /* variable length */
+ } __packed;
+
+ /* See MS-SMB2 section 2.2.9.2 */
+@@ -852,7 +852,7 @@ struct smb2_create_rsp {
+ __u64 VolatileFileId; /* opaque endianness */
+ __le32 CreateContextsOffset;
+ __le32 CreateContextsLength;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ struct create_context {
+@@ -1313,7 +1313,7 @@ struct smb2_read_plain_req {
+ __le32 RemainingBytes;
+ __le16 ReadChannelInfoOffset;
+ __le16 ReadChannelInfoLength;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ /* Read flags */
+@@ -1328,7 +1328,7 @@ struct smb2_read_rsp {
+ __le32 DataLength;
+ __le32 DataRemaining;
+ __u32 Flags;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ /* For write request Flags field below the following flags are defined: */
+@@ -1348,7 +1348,7 @@ struct smb2_write_req {
+ __le16 WriteChannelInfoOffset;
+ __le16 WriteChannelInfoLength;
+ __le32 Flags;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ struct smb2_write_rsp {
+@@ -1359,7 +1359,7 @@ struct smb2_write_rsp {
+ __le32 DataLength;
+ __le32 DataRemaining;
+ __u32 Reserved2;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ /* notify flags */
+@@ -1395,7 +1395,7 @@ struct smb2_change_notify_rsp {
+ __le16 StructureSize; /* Must be 9 */
+ __le16 OutputBufferOffset;
+ __le32 OutputBufferLength;
+- __u8 Buffer[1]; /* array of file notify structs */
++ __u8 Buffer[]; /* array of file notify structs */
+ } __packed;
+
+ #define SMB2_LOCKFLAG_SHARED_LOCK 0x0001
+@@ -1422,7 +1422,10 @@ struct smb2_lock_req {
+ __u64 PersistentFileId; /* opaque endianness */
+ __u64 VolatileFileId; /* opaque endianness */
+ /* Followed by at least one */
+- struct smb2_lock_element locks[1];
++ union {
++ struct smb2_lock_element lock;
++ DECLARE_FLEX_ARRAY(struct smb2_lock_element, locks);
++ };
+ } __packed;
+
+ struct smb2_lock_rsp {
+@@ -1478,7 +1481,7 @@ struct smb2_query_directory_req {
+ __le16 FileNameOffset;
+ __le16 FileNameLength;
+ __le32 OutputBufferLength;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ struct smb2_query_directory_rsp {
+@@ -1486,7 +1489,7 @@ struct smb2_query_directory_rsp {
+ __le16 StructureSize; /* Must be 9 */
+ __le16 OutputBufferOffset;
+ __le32 OutputBufferLength;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ /* Possible InfoType values */
+@@ -1527,7 +1530,7 @@ struct smb2_query_info_req {
+ __le32 Flags;
+ __u64 PersistentFileId; /* opaque endianness */
+ __u64 VolatileFileId; /* opaque endianness */
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ struct smb2_query_info_rsp {
+@@ -1535,7 +1538,7 @@ struct smb2_query_info_rsp {
+ __le16 StructureSize; /* Must be 9 */
+ __le16 OutputBufferOffset;
+ __le32 OutputBufferLength;
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ /*
+@@ -1558,7 +1561,7 @@ struct smb2_set_info_req {
+ __le32 AdditionalInformation;
+ __u64 PersistentFileId; /* opaque endianness */
+ __u64 VolatileFileId; /* opaque endianness */
+- __u8 Buffer[1];
++ __u8 Buffer[];
+ } __packed;
+
+ struct smb2_set_info_rsp {
+@@ -1761,7 +1764,10 @@ struct smb2_file_all_info { /* data bloc
+ __le32 Mode;
+ __le32 AlignmentRequirement;
+ __le32 FileNameLength;
+- char FileName[1];
++ union {
++ char __pad; /* Legacy structure padding */
++ DECLARE_FLEX_ARRAY(char, FileName);
++ };
+ } __packed; /* level 18 Query */
+
+ struct smb2_file_eof_info { /* encoding of request for level 10 */