5.4-stable patches

added patches:
	arm64-dts-qcom-fix-interrupt-map-parent-address-cells.patch
	btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
	drm-amdgpu-fix-possible-null-dereference-in-amdgpu_ras_query_error_status_helper.patch
	firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch
	smb-client-fix-potential-oobs-in-smb2_parse_contexts.patch

diff --git a/queue-5.4/arm64-dts-qcom-fix-interrupt-map-parent-address-cells.patch b/queue-5.4/arm64-dts-qcom-fix-interrupt-map-parent-address-cells.patch
new file mode 100644 (file)
index 0000000..0e065f7
--- /dev/null
+++ b/queue-5.4/arm64-dts-qcom-fix-interrupt-map-parent-address-cells.patch
@@ -0,0 +1,41 @@
+From 0ac10b291bee84b00bf9fb2afda444e77e7f88f4 Mon Sep 17 00:00:00 2001
+From: Rob Herring <robh@kernel.org>
+Date: Tue, 28 Sep 2021 14:22:09 -0500
+Subject: arm64: dts: qcom: Fix 'interrupt-map' parent address cells
+
+From: Rob Herring <robh@kernel.org>
+
+commit 0ac10b291bee84b00bf9fb2afda444e77e7f88f4 upstream.
+
+The 'interrupt-map' in several QCom SoCs is malformed. The '#address-cells'
+size of the parent interrupt controller (the GIC) is not accounted for.
+
+Cc: Andy Gross <agross@kernel.org>
+Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
+Cc: linux-arm-msm@vger.kernel.org
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Link: https://lore.kernel.org/r/20210928192210.1842377-1-robh@kernel.org
+Signed-off-by: Alex Elder <elder@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/boot/dts/qcom/msm8998.dtsi |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/arm64/boot/dts/qcom/msm8998.dtsi
++++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi
+@@ -872,10 +872,10 @@
+                       interrupts = <GIC_SPI 405 IRQ_TYPE_LEVEL_HIGH>;
+                       interrupt-names = "msi";
+                       interrupt-map-mask = <0 0 0 0x7>;
+-                      interrupt-map = <0 0 0 1 &intc 0 135 IRQ_TYPE_LEVEL_HIGH>,
+-                                      <0 0 0 2 &intc 0 136 IRQ_TYPE_LEVEL_HIGH>,
+-                                      <0 0 0 3 &intc 0 138 IRQ_TYPE_LEVEL_HIGH>,
+-                                      <0 0 0 4 &intc 0 139 IRQ_TYPE_LEVEL_HIGH>;
++                      interrupt-map = <0 0 0 1 &intc 0 0 135 IRQ_TYPE_LEVEL_HIGH>,
++                                      <0 0 0 2 &intc 0 0 136 IRQ_TYPE_LEVEL_HIGH>,
++                                      <0 0 0 3 &intc 0 0 138 IRQ_TYPE_LEVEL_HIGH>,
++                                      <0 0 0 4 &intc 0 0 139 IRQ_TYPE_LEVEL_HIGH>;
+ 
+                       clocks = <&gcc GCC_PCIE_0_PIPE_CLK>,
+                                <&gcc GCC_PCIE_0_MSTR_AXI_CLK>,

diff --git a/queue-5.4/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch b/queue-5.4/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
new file mode 100644 (file)
index 0000000..7d462db
--- /dev/null
+++ b/queue-5.4/btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
@@ -0,0 +1,36 @@
+From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Date: Fri, 19 Apr 2024 11:22:48 +0900
+Subject: btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
+
+From: Dominique Martinet <dominique.martinet@atmark-techno.com>
+
+commit 9af503d91298c3f2945e73703f0e00995be08c30 upstream.
+
+The previous patch that replaced BUG_ON by error handling forgot to
+unlock the mutex in the error path.
+
+Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz
+Reported-by: Pavel Machek <pavel@denx.de>
+Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()")
+CC: stable@vger.kernel.org
+Reviewed-by: Pavel Machek <pavel@denx.de>
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/volumes.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/volumes.c
++++ b/fs/btrfs/volumes.c
+@@ -3277,6 +3277,7 @@ again:
+                        * alignment and size).
+                        */
+                       ret = -EUCLEAN;
++                      mutex_unlock(&fs_info->delete_unused_bgs_mutex);
+                       goto error;
+               }
+ 

diff --git a/queue-5.4/drm-amdgpu-fix-possible-null-dereference-in-amdgpu_ras_query_error_status_helper.patch b/queue-5.4/drm-amdgpu-fix-possible-null-dereference-in-amdgpu_ras_query_error_status_helper.patch
new file mode 100644 (file)
index 0000000..e99f4c6
--- /dev/null
+++ b/queue-5.4/drm-amdgpu-fix-possible-null-dereference-in-amdgpu_ras_query_error_status_helper.patch
@@ -0,0 +1,47 @@
+From b8d55a90fd55b767c25687747e2b24abd1ef8680 Mon Sep 17 00:00:00 2001
+From: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
+Date: Tue, 26 Dec 2023 15:32:19 +0530
+Subject: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
+
+commit b8d55a90fd55b767c25687747e2b24abd1ef8680 upstream.
+
+Return invalid error code -EINVAL for invalid block id.
+
+Fixes the below:
+
+drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)
+
+Suggested-by: Hawking Zhang <Hawking.Zhang@amd.com>
+Cc: Tao Zhou <tao.zhou1@amd.com>
+Cc: Hawking Zhang <Hawking.Zhang@amd.com>
+Cc: Christian König <christian.koenig@amd.com>
+Cc: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
+Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+[Ajay: applied AMDGPU_RAS_BLOCK_COUNT condition to amdgpu_ras_error_query()
+       as amdgpu_ras_query_error_status_helper() not present in v5.10, v5.4
+       amdgpu_ras_query_error_status_helper() was introduced in 8cc0f5669eb6]
+Signed-off-by: Ajay Kaher <ajay.kaher@broadcom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c
+@@ -594,6 +594,9 @@ int amdgpu_ras_error_query(struct amdgpu
+       if (!obj)
+               return -EINVAL;
+ 
++      if (!info || info->head.block == AMDGPU_RAS_BLOCK_COUNT)
++              return -EINVAL;
++
+       switch (info->head.block) {
+       case AMDGPU_RAS_BLOCK__UMC:
+               if (adev->umc.funcs->query_ras_error_count)

diff --git a/queue-5.4/firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch b/queue-5.4/firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch
new file mode 100644 (file)
index 0000000..7e08b40
--- /dev/null
+++ b/queue-5.4/firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch
@@ -0,0 +1,41 @@
+From e9076ffbcaed5da6c182b144ef9f6e24554af268 Mon Sep 17 00:00:00 2001
+From: Cristian Marussi <cristian.marussi@arm.com>
+Date: Wed, 17 Aug 2022 18:27:29 +0100
+Subject: firmware: arm_scmi: Harden accesses to the reset domains
+
+From: Cristian Marussi <cristian.marussi@arm.com>
+
+commit e9076ffbcaed5da6c182b144ef9f6e24554af268 upstream.
+
+Accessing reset domains descriptors by the index upon the SCMI drivers
+requests through the SCMI reset operations interface can potentially
+lead to out-of-bound violations if the SCMI driver misbehave.
+
+Add an internal consistency check before any such domains descriptors
+accesses.
+
+Link: https://lore.kernel.org/r/20220817172731.1185305-5-cristian.marussi@arm.com
+Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
+Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/firmware/arm_scmi/reset.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/firmware/arm_scmi/reset.c
++++ b/drivers/firmware/arm_scmi/reset.c
+@@ -135,8 +135,12 @@ static int scmi_domain_reset(const struc
+       struct scmi_xfer *t;
+       struct scmi_msg_reset_domain_reset *dom;
+       struct scmi_reset_info *pi = handle->reset_priv;
+-      struct reset_dom_info *rdom = pi->dom_info + domain;
++      struct reset_dom_info *rdom;
+ 
++      if (domain >= pi->num_domains)
++              return -EINVAL;
++
++      rdom = pi->dom_info + domain;
+       if (rdom->async_reset)
+               flags |= ASYNCHRONOUS_RESET;
+ 

diff --git a/queue-5.4/series b/queue-5.4/series
index ec7df25a17d40b76a353cf15597b42d1272ec4bd..68b2148448b1a905e85f04c67bbb8b997caf2a21 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -6,3 +6,8 @@ net-bcmgenet-keep-mac-in-reset-until-phy-is-up.patch
 net-bcmgenet-synchronize-ext_rgmii_oob_ctrl-access.patch
 net-bcmgenet-synchronize-use-of-bcmgenet_set_rx_mode.patch
 net-bcmgenet-synchronize-umac_cmd-access.patch
+smb-client-fix-potential-oobs-in-smb2_parse_contexts.patch
+firmware-arm_scmi-harden-accesses-to-the-reset-domains.patch
+arm64-dts-qcom-fix-interrupt-map-parent-address-cells.patch
+btrfs-add-missing-mutex_unlock-in-btrfs_relocate_sys_chunks.patch
+drm-amdgpu-fix-possible-null-dereference-in-amdgpu_ras_query_error_status_helper.patch

diff --git a/queue-5.4/smb-client-fix-potential-oobs-in-smb2_parse_contexts.patch b/queue-5.4/smb-client-fix-potential-oobs-in-smb2_parse_contexts.patch
new file mode 100644 (file)
index 0000000..8b4bb7d
--- /dev/null
+++ b/queue-5.4/smb-client-fix-potential-oobs-in-smb2_parse_contexts.patch
@@ -0,0 +1,227 @@
+From af1689a9b7701d9907dfc84d2a4b57c4bc907144 Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <pc@manguebit.com>
+Date: Mon, 11 Dec 2023 10:26:41 -0300
+Subject: smb: client: fix potential OOBs in smb2_parse_contexts()
+
+From: Paulo Alcantara <pc@manguebit.com>
+
+commit af1689a9b7701d9907dfc84d2a4b57c4bc907144 upstream.
+
+Validate offsets and lengths before dereferencing create contexts in
+smb2_parse_contexts().
+
+This fixes following oops when accessing invalid create contexts from
+server:
+
+  BUG: unable to handle page fault for address: ffff8881178d8cc3
+  #PF: supervisor read access in kernel mode
+  #PF: error_code(0x0000) - not-present page
+  PGD 4a01067 P4D 4a01067 PUD 0
+  Oops: 0000 [#1] PREEMPT SMP NOPTI
+  CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
+  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
+  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
+  RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
+  Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
+  00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
+  7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
+  RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
+  RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
+  RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
+  RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
+  R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
+  R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
+  FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
+  knlGS:0000000000000000
+  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+  CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
+  PKRU: 55555554
+  Call Trace:
+   <TASK>
+   ? __die+0x23/0x70
+   ? page_fault_oops+0x181/0x480
+   ? search_module_extables+0x19/0x60
+   ? srso_alias_return_thunk+0x5/0xfbef5
+   ? exc_page_fault+0x1b6/0x1c0
+   ? asm_exc_page_fault+0x26/0x30
+   ? smb2_parse_contexts+0xa0/0x3a0 [cifs]
+   SMB2_open+0x38d/0x5f0 [cifs]
+   ? smb2_is_path_accessible+0x138/0x260 [cifs]
+   smb2_is_path_accessible+0x138/0x260 [cifs]
+   cifs_is_path_remote+0x8d/0x230 [cifs]
+   cifs_mount+0x7e/0x350 [cifs]
+   cifs_smb3_do_mount+0x128/0x780 [cifs]
+   smb3_get_tree+0xd9/0x290 [cifs]
+   vfs_get_tree+0x2c/0x100
+   ? capable+0x37/0x70
+   path_mount+0x2d7/0xb80
+   ? srso_alias_return_thunk+0x5/0xfbef5
+   ? _raw_spin_unlock_irqrestore+0x44/0x60
+   __x64_sys_mount+0x11a/0x150
+   do_syscall_64+0x47/0xf0
+   entry_SYSCALL_64_after_hwframe+0x6f/0x77
+  RIP: 0033:0x7f8737657b1e
+
+Reported-by: Robert Morris <rtm@csail.mit.edu>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+[Guru: Removed changes to cached_dir.c and checking return value
+of smb2_parse_contexts in smb2ops.c]
+Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com>
+[v5.4: Fixed merge-conflicts in smb2_parse_contexts for
+missing parameter POSIX response]
+Signed-off-by: Shaoying Xu <shaoyi@amazon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2ops.c   |    4 +-
+ fs/cifs/smb2pdu.c   |   79 ++++++++++++++++++++++++++++++++++------------------
+ fs/cifs/smb2proto.h |   10 +++---
+ 3 files changed, 61 insertions(+), 32 deletions(-)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -787,9 +787,11 @@ int open_shroot(unsigned int xid, struct
+       /* BB TBD check to see if oplock level check can be removed below */
+       if (o_rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) {
+               kref_get(&tcon->crfid.refcount);
+-              smb2_parse_contexts(server, o_rsp,
++              rc = smb2_parse_contexts(server, rsp_iov,
+                               &oparms.fid->epoch,
+                               oparms.fid->lease_key, &oplock, NULL);
++              if (rc)
++                      goto oshr_exit;
+       } else
+               goto oshr_exit;
+ 
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1929,48 +1929,73 @@ parse_query_id_ctxt(struct create_contex
+       buf->IndexNumber = pdisk_id->DiskFileId;
+ }
+ 
+-void
+-smb2_parse_contexts(struct TCP_Server_Info *server,
+-                     struct smb2_create_rsp *rsp,
+-                     unsigned int *epoch, char *lease_key, __u8 *oplock,
+-                     struct smb2_file_all_info *buf)
++int smb2_parse_contexts(struct TCP_Server_Info *server,
++                      struct kvec *rsp_iov,
++                      unsigned int *epoch,
++                      char *lease_key, __u8 *oplock,
++                      struct smb2_file_all_info *buf)
+ {
+-      char *data_offset;
++      struct smb2_create_rsp *rsp = rsp_iov->iov_base;
+       struct create_context *cc;
+-      unsigned int next;
+-      unsigned int remaining;
++      size_t rem, off, len;
++      size_t doff, dlen;
++      size_t noff, nlen;
+       char *name;
+ 
+       *oplock = 0;
+-      data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);
+-      remaining = le32_to_cpu(rsp->CreateContextsLength);
+-      cc = (struct create_context *)data_offset;
++
++      off = le32_to_cpu(rsp->CreateContextsOffset);
++      rem = le32_to_cpu(rsp->CreateContextsLength);
++      if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len)
++              return -EINVAL;
++      cc = (struct create_context *)((u8 *)rsp + off);
+ 
+       /* Initialize inode number to 0 in case no valid data in qfid context */
+       if (buf)
+               buf->IndexNumber = 0;
+ 
+-      while (remaining >= sizeof(struct create_context)) {
+-              name = le16_to_cpu(cc->NameOffset) + (char *)cc;
+-              if (le16_to_cpu(cc->NameLength) == 4 &&
+-                  strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0)
+-                      *oplock = server->ops->parse_lease_buf(cc, epoch,
+-                                                         lease_key);
+-              else if (buf && (le16_to_cpu(cc->NameLength) == 4) &&
+-                  strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0)
+-                      parse_query_id_ctxt(cc, buf);
++      while (rem >= sizeof(*cc)) {
++              doff = le16_to_cpu(cc->DataOffset);
++              dlen = le32_to_cpu(cc->DataLength);
++              if (check_add_overflow(doff, dlen, &len) || len > rem)
++                      return -EINVAL;
++
++              noff = le16_to_cpu(cc->NameOffset);
++              nlen = le16_to_cpu(cc->NameLength);
++              if (noff + nlen >= doff)
++                      return -EINVAL;
++
++              name = (char *)cc + noff;
++              switch (nlen) {
++              case 4:
++                      if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) {
++                              *oplock = server->ops->parse_lease_buf(cc, epoch,
++                                                                     lease_key);
++                      } else if (buf &&
++                                 !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) {
++                              parse_query_id_ctxt(cc, buf);
++                      }
++                      break;
++              default:
++                      cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n",
++                               __func__, nlen, dlen);
++                      if (IS_ENABLED(CONFIG_CIFS_DEBUG2))
++                              cifs_dump_mem("context data: ", cc, dlen);
++                      break;
++              }
+ 
+-              next = le32_to_cpu(cc->Next);
+-              if (!next)
++              off = le32_to_cpu(cc->Next);
++              if (!off)
+                       break;
+-              remaining -= next;
+-              cc = (struct create_context *)((char *)cc + next);
++              if (check_sub_overflow(rem, off, &rem))
++                      return -EINVAL;
++              cc = (struct create_context *)((u8 *)cc + off);
+       }
+ 
+       if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
+               *oplock = rsp->OplockLevel;
+ 
+-      return;
++      return 0;
+ }
+ 
+ static int
+@@ -2680,8 +2705,8 @@ SMB2_open(const unsigned int xid, struct
+       }
+ 
+ 
+-      smb2_parse_contexts(server, rsp, &oparms->fid->epoch,
+-                          oparms->fid->lease_key, oplock, buf);
++      rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch,
++                               oparms->fid->lease_key, oplock, buf);
+ creat_exit:
+       SMB2_open_free(&rqst);
+       free_rsp_buf(resp_buftype, rsp);
+--- a/fs/cifs/smb2proto.h
++++ b/fs/cifs/smb2proto.h
+@@ -238,10 +238,12 @@ extern int smb3_validate_negotiate(const
+ 
+ extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
+                                       enum securityEnum);
+-extern void smb2_parse_contexts(struct TCP_Server_Info *server,
+-                              struct smb2_create_rsp *rsp,
+-                              unsigned int *epoch, char *lease_key,
+-                              __u8 *oplock, struct smb2_file_all_info *buf);
++int smb2_parse_contexts(struct TCP_Server_Info *server,
++                      struct kvec *rsp_iov,
++                      unsigned int *epoch,
++                      char *lease_key, __u8 *oplock,
++                      struct smb2_file_all_info *buf);
++
+ extern int smb3_encryption_required(const struct cifs_tcon *tcon);
+ extern int smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
+                            struct kvec *iov, unsigned int min_buf_size);