5.15-stable patches

added patches:
	ksmbd-compare-macs-in-constant-time.patch

diff --git a/queue-5.15/ksmbd-compare-macs-in-constant-time.patch b/queue-5.15/ksmbd-compare-macs-in-constant-time.patch
new file mode 100644 (file)
index 0000000..5329799
--- /dev/null
+++ b/queue-5.15/ksmbd-compare-macs-in-constant-time.patch
@@ -0,0 +1,71 @@
+From c5794709bc9105935dbedef8b9cf9c06f2b559fa Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Tue, 17 Feb 2026 20:28:29 -0800
+Subject: ksmbd: Compare MACs in constant time
+
+From: Eric Biggers <ebiggers@kernel.org>
+
+commit c5794709bc9105935dbedef8b9cf9c06f2b559fa upstream.
+
+To prevent timing attacks, MAC comparisons need to be constant-time.
+Replace the memcmp() with the correct function, crypto_memneq().
+
+Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ksmbd/auth.c    |    4 +++-
+ fs/ksmbd/smb2pdu.c |    5 +++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+--- a/fs/ksmbd/auth.c
++++ b/fs/ksmbd/auth.c
+@@ -13,6 +13,7 @@
+ #include <linux/xattr.h>
+ #include <crypto/hash.h>
+ #include <crypto/aead.h>
++#include <crypto/algapi.h>
+ #include <linux/random.h>
+ #include <linux/scatterlist.h>
+ 
+@@ -281,7 +282,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn
+               goto out;
+       }
+ 
+-      if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
++      if (crypto_memneq(ntlmv2->ntlmv2_hash, ntlmv2_rsp,
++                        CIFS_HMAC_MD5_HASH_SIZE))
+               rc = -EINVAL;
+ out:
+       if (ctx)
+--- a/fs/ksmbd/smb2pdu.c
++++ b/fs/ksmbd/smb2pdu.c
+@@ -4,6 +4,7 @@
+  *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
+  */
+ 
++#include <crypto/algapi.h>
+ #include <linux/inetdevice.h>
+ #include <net/addrconf.h>
+ #include <linux/syscalls.h>
+@@ -8440,7 +8441,7 @@ int smb2_check_sign_req(struct ksmbd_wor
+                               signature))
+               return 0;
+ 
+-      if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
++      if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
+               pr_err("bad smb2 signature\n");
+               return 0;
+       }
+@@ -8528,7 +8529,7 @@ int smb3_check_sign_req(struct ksmbd_wor
+       if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature))
+               return 0;
+ 
+-      if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
++      if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
+               pr_err("bad smb2 signature\n");
+               return 0;
+       }

diff --git a/queue-5.15/series b/queue-5.15/series
index 987f456a22eb9ff18b6971a7cb87409a2cd668ff..dfa7b97bf62a16848398c233cf2661b7cd815152 100644 (file)
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -399,3 +399,4 @@ blk-cgroup-fix-null-deref-caused-by-blkg_policy_data-being-installed-before-init
 batman-adv-stop-tp_meter-sessions-during-mesh-teardown.patch
 batman-adv-tp_meter-fix-tp_num-leak-on-kmalloc-failure.patch
 net-ipv6-ioam6-prevent-schema-length-wraparound-in-trace-fill.patch
+ksmbd-compare-macs-in-constant-time.patch