5.15-stable patches

added patches:
	ksmbd-mark-as-broken-in-the-5.15.y-kernel.patch

diff --git a/queue-5.15/ksmbd-check-the-validation-of-pdu_size-in-ksmbd_conn_handler_loop.patch b/queue-5.15/ksmbd-check-the-validation-of-pdu_size-in-ksmbd_conn_handler_loop.patch
deleted file mode 100644 (file)
index fe2ea46..0000000
--- a/queue-5.15/ksmbd-check-the-validation-of-pdu_size-in-ksmbd_conn_handler_loop.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 368ba06881c395f1c9a7ba22203cf8d78b4addc0 Mon Sep 17 00:00:00 2001
-From: Namjae Jeon <linkinjeon@kernel.org>
-Date: Tue, 30 May 2023 23:10:31 +0900
-Subject: ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
-
-From: Namjae Jeon <linkinjeon@kernel.org>
-
-commit 368ba06881c395f1c9a7ba22203cf8d78b4addc0 upstream.
-
-The length field of netbios header must be greater than the SMB header
-sizes(smb1 or smb2 header), otherwise the packet is an invalid SMB packet.
-
-If `pdu_size` is 0, ksmbd allocates a 4 bytes chunk to `conn->request_buf`.
-In the function `get_smb2_cmd_val` ksmbd will read cmd from
-`rcv_hdr->Command`, which is `conn->request_buf + 12`, causing the KASAN
-detector to print the following error message:
-
-[    7.205018] BUG: KASAN: slab-out-of-bounds in get_smb2_cmd_val+0x45/0x60
-[    7.205423] Read of size 2 at addr ffff8880062d8b50 by task ksmbd:42632/248
-...
-[    7.207125]  <TASK>
-[    7.209191]  get_smb2_cmd_val+0x45/0x60
-[    7.209426]  ksmbd_conn_enqueue_request+0x3a/0x100
-[    7.209712]  ksmbd_server_process_request+0x72/0x160
-[    7.210295]  ksmbd_conn_handler_loop+0x30c/0x550
-[    7.212280]  kthread+0x160/0x190
-[    7.212762]  ret_from_fork+0x1f/0x30
-[    7.212981]  </TASK>
-
-Cc: stable@vger.kernel.org
-Reported-by: Chih-Yen Chang <cc85nod@gmail.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
-[PG: fs/smb/server/connection.c --> fs/ksmbd/connection.c for v5.15.
- Also no smb2_get_msg() as no +4 from cb4517201b8a in v5.15 baseline.]
-Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/ksmbd/connection.c |   12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
---- a/fs/ksmbd/connection.c
-+++ b/fs/ksmbd/connection.c
-@@ -263,6 +263,9 @@ bool ksmbd_conn_alive(struct ksmbd_conn
-       return true;
- }
- 
-+#define SMB1_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb_hdr))
-+#define SMB2_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr))
-+
- /**
-  * ksmbd_conn_handler_loop() - session thread to listen on new smb requests
-  * @p:                connection instance
-@@ -319,6 +322,9 @@ int ksmbd_conn_handler_loop(void *p)
-               if (pdu_size > MAX_STREAM_PROT_LEN)
-                       break;
- 
-+              if (pdu_size < SMB1_MIN_SUPPORTED_HEADER_SIZE)
-+                      break;
-+
-               /* 4 for rfc1002 length field */
-               /* 1 for implied bcc[0] */
-               size = pdu_size + 4 + 1;
-@@ -346,6 +352,12 @@ int ksmbd_conn_handler_loop(void *p)
-                       continue;
-               }
- 
-+              if (((struct smb2_hdr *)(conn->request_buf))->ProtocolId ==
-+                  SMB2_PROTO_NUMBER) {
-+                      if (pdu_size < SMB2_MIN_SUPPORTED_HEADER_SIZE)
-+                              break;
-+              }
-+
-               if (!default_conn_ops.process_fn) {
-                       pr_err("No connection request callback\n");
-                       break;

diff --git a/queue-5.15/ksmbd-mark-as-broken-in-the-5.15.y-kernel.patch b/queue-5.15/ksmbd-mark-as-broken-in-the-5.15.y-kernel.patch
new file mode 100644 (file)
index 0000000..b406405
--- /dev/null
+++ b/queue-5.15/ksmbd-mark-as-broken-in-the-5.15.y-kernel.patch
@@ -0,0 +1,37 @@
+From gregkh@linuxfoundation.org  Mon Dec 18 12:39:35 2023
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Mon, 18 Dec 2023 11:37:42 +0100
+Subject: ksmbd: Mark as BROKEN in the 5.15.y kernel
+To: stable@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Namjae Jeon <linkinjeon@kernel.org>, Sergey Senozhatsky <senozhatsky@chromium.org>, Steve French <sfrench@samba.org>, Hyunchul Lee <hyc.lee@gmail.com>, linux-cifs@vger.kernel.org
+Message-ID: <2023121841-register-nutshell-9d6d@gregkh>
+
+
+Due to many known bugfixes not being backported properly to the 5.15.y
+kernel tree, the ksmbd code in this branch is just not safe to be used
+at this point in time at all.  So mark it as BROKEN so it will not be
+used.
+
+This can be changed in the future if all needed backports are made by
+anyone who cares about this code in this stable kernel branch.
+
+Cc: Namjae Jeon <linkinjeon@kernel.org>
+Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
+Cc: Steve French <sfrench@samba.org>
+Cc: Hyunchul Lee <hyc.lee@gmail.com>
+Cc: linux-cifs@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ksmbd/Kconfig |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/ksmbd/Kconfig
++++ b/fs/ksmbd/Kconfig
+@@ -3,6 +3,7 @@ config SMB_SERVER
+       depends on INET
+       depends on MULTIUSER
+       depends on FILE_LOCKING
++      depends on BROKEN
+       select NLS
+       select NLS_UTF8
+       select CRYPTO

diff --git a/queue-5.15/series b/queue-5.15/series
index 0def30a653782491150d5d4d052c8a47f12d2377..5781167128f155de00da54a11cb35df8b5f0c536 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -82,8 +82,8 @@ ring-buffer-have-saved-event-hold-the-entire-event.patch
 ring-buffer-fix-writing-to-the-buffer-with-max_data_size.patch
 ring-buffer-fix-a-race-in-rb_time_cmpxchg-for-32-bit-archs.patch
 ring-buffer-do-not-try-to-put-back-write_stamp.patch
-ksmbd-check-the-validation-of-pdu_size-in-ksmbd_conn_handler_loop.patch
 usb-gadget-core-adjust-uevent-timing-on-gadget-unbind.patch
 rdma-irdma-prevent-zero-length-stag-registration.patch
 powerpc-ftrace-create-a-dummy-stackframe-to-fix-stack-unwind.patch
 powerpc-ftrace-fix-stack-teardown-in-ftrace_no_trace.patch
+ksmbd-mark-as-broken-in-the-5.15.y-kernel.patch