From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 26 Jul 2018 10:22:55 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v3.18.117~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b93d598af68229ecb5a97c0f030d7b3a6c8fbbda;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	revert-cifs-fix-slab-out-of-bounds-in-send_set_info-on.patch
---

diff --git a/queue-4.14/revert-cifs-fix-slab-out-of-bounds-in-send_set_info-on.patch b/queue-4.14/revert-cifs-fix-slab-out-of-bounds-in-send_set_info-on.patch
new file mode 100644
index 00000000000..e2bafbf42b6
--- /dev/null
+++ b/queue-4.14/revert-cifs-fix-slab-out-of-bounds-in-send_set_info-on.patch
@@ -0,0 +1,53 @@
+From 5422bc44f6aca94ac667a0e076fceeaac863e496 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Thu, 26 Jul 2018 12:19:48 +0200
+Subject: Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit 748144f35514aef14c4fdef5bcaa0db99cb9367a which is
+commit f46ecbd97f508e68a7806291a139499794874f3d upstream.
+
+Philip reports:
+	seems adding "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2
+	ACE setting" (commit 748144f) [1] created a regression within linux
+	v4.14 kernel series. Writing to a mounted cifs either freezes on writing
+	or crashes the PC. A more detailed explanation you may find in our
+	forums [2]. Reverting the patch, seems to "fix" it. Thoughts?
+
+Reported-by: Philip Müller <philm@manjaro.org>
+Cc: Jianhong Yin <jiyin@redhat.com>
+Cc: Stefano Brivio <sbrivio@redhat.com>
+Cc: Aurelien Aptel <aaptel@suse.com>
+Cc: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2pdu.c |    7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -338,10 +338,7 @@ smb2_plain_req_init(__le16 smb2_command,
+ 		return rc;
+ 
+ 	/* BB eventually switch this to SMB2 specific small buf size */
+-	if (smb2_command == SMB2_SET_INFO)
+-		*request_buf = cifs_buf_get();
+-	else
+-		*request_buf = cifs_small_buf_get();
++	*request_buf = cifs_small_buf_get();
+ 	if (*request_buf == NULL) {
+ 		/* BB should we add a retry in here if not a writepage? */
+ 		return -ENOMEM;
+@@ -3171,7 +3168,7 @@ send_set_info(const unsigned int xid, st
+ 	}
+ 
+ 	rc = SendReceive2(xid, ses, iov, num, &resp_buftype, flags, &rsp_iov);
+-	cifs_buf_release(req);
++	cifs_small_buf_release(req);
+ 	rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
+ 
+ 	if (rc != 0)
diff --git a/queue-4.14/series b/queue-4.14/series
new file mode 100644
index 00000000000..4b2b0c92202
--- /dev/null
+++ b/queue-4.14/series
@@ -0,0 +1 @@
+revert-cifs-fix-slab-out-of-bounds-in-send_set_info-on.patch
diff --git a/queue-4.17/series b/queue-4.17/series
new file mode 100644
index 00000000000..82e2d4a64ef
--- /dev/null
+++ b/queue-4.17/series
@@ -0,0 +1 @@
+kvm-vmx-support-msr_ia32_arch_capabilities-as-a-feature-msr.patch