From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 16 Jun 2026 07:21:12 +0000 (+0530)
Subject: 5.15-stable patches
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=284c03f2e527ee2b0bd7558001bcd759af968f5f;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	ksmbd-compare-macs-in-constant-time.patch
---

diff --git a/queue-5.15/ksmbd-compare-macs-in-constant-time.patch b/queue-5.15/ksmbd-compare-macs-in-constant-time.patch
new file mode 100644
index 0000000000..5329799d34
--- /dev/null
+++ b/queue-5.15/ksmbd-compare-macs-in-constant-time.patch
@@ -0,0 +1,71 @@
+From c5794709bc9105935dbedef8b9cf9c06f2b559fa Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Tue, 17 Feb 2026 20:28:29 -0800
+Subject: ksmbd: Compare MACs in constant time
+
+From: Eric Biggers <ebiggers@kernel.org>
+
+commit c5794709bc9105935dbedef8b9cf9c06f2b559fa upstream.
+
+To prevent timing attacks, MAC comparisons need to be constant-time.
+Replace the memcmp() with the correct function, crypto_memneq().
+
+Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ksmbd/auth.c    |    4 +++-
+ fs/ksmbd/smb2pdu.c |    5 +++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+--- a/fs/ksmbd/auth.c
++++ b/fs/ksmbd/auth.c
+@@ -13,6 +13,7 @@
+ #include <linux/xattr.h>
+ #include <crypto/hash.h>
+ #include <crypto/aead.h>
++#include <crypto/algapi.h>
+ #include <linux/random.h>
+ #include <linux/scatterlist.h>
+ 
+@@ -281,7 +282,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn
+ 		goto out;
+ 	}
+ 
+-	if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
++	if (crypto_memneq(ntlmv2->ntlmv2_hash, ntlmv2_rsp,
++			  CIFS_HMAC_MD5_HASH_SIZE))
+ 		rc = -EINVAL;
+ out:
+ 	if (ctx)
+--- a/fs/ksmbd/smb2pdu.c
++++ b/fs/ksmbd/smb2pdu.c
+@@ -4,6 +4,7 @@
+  *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
+  */
+ 
++#include <crypto/algapi.h>
+ #include <linux/inetdevice.h>
+ #include <net/addrconf.h>
+ #include <linux/syscalls.h>
+@@ -8440,7 +8441,7 @@ int smb2_check_sign_req(struct ksmbd_wor
+ 				signature))
+ 		return 0;
+ 
+-	if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
++	if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
+ 		pr_err("bad smb2 signature\n");
+ 		return 0;
+ 	}
+@@ -8528,7 +8529,7 @@ int smb3_check_sign_req(struct ksmbd_wor
+ 	if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature))
+ 		return 0;
+ 
+-	if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
++	if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
+ 		pr_err("bad smb2 signature\n");
+ 		return 0;
+ 	}
diff --git a/queue-5.15/series b/queue-5.15/series
index 987f456a22..dfa7b97bf6 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -399,3 +399,4 @@ blk-cgroup-fix-null-deref-caused-by-blkg_policy_data-being-installed-before-init
 batman-adv-stop-tp_meter-sessions-during-mesh-teardown.patch
 batman-adv-tp_meter-fix-tp_num-leak-on-kmalloc-failure.patch
 net-ipv6-ioam6-prevent-schema-length-wraparound-in-trace-fill.patch
+ksmbd-compare-macs-in-constant-time.patch