From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 16 Jun 2026 06:02:32 +0000 (+0530)
Subject: drop queue-5.15/ksmbd-compare-macs-in-constant-time.patch
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=461071cadf1736df8f6dc7edd506ef70c8cd268e;p=thirdparty%2Fkernel%2Fstable-queue.git

drop queue-5.15/ksmbd-compare-macs-in-constant-time.patch
---

diff --git a/queue-5.15/ksmbd-compare-macs-in-constant-time.patch b/queue-5.15/ksmbd-compare-macs-in-constant-time.patch
deleted file mode 100644
index 16501b974d..0000000000
--- a/queue-5.15/ksmbd-compare-macs-in-constant-time.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From c5794709bc9105935dbedef8b9cf9c06f2b559fa Mon Sep 17 00:00:00 2001
-From: Eric Biggers <ebiggers@kernel.org>
-Date: Tue, 17 Feb 2026 20:28:29 -0800
-Subject: ksmbd: Compare MACs in constant time
-
-From: Eric Biggers <ebiggers@kernel.org>
-
-commit c5794709bc9105935dbedef8b9cf9c06f2b559fa upstream.
-
-To prevent timing attacks, MAC comparisons need to be constant-time.
-Replace the memcmp() with the correct function, crypto_memneq().
-
-Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
-Cc: stable@vger.kernel.org
-Signed-off-by: Eric Biggers <ebiggers@kernel.org>
-Acked-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
-Signed-off-by: Rajani Kantha <681739313@139.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/ksmbd/Kconfig   |    1 +
- fs/ksmbd/auth.c    |    4 +++-
- fs/ksmbd/smb2pdu.c |    5 +++--
- 3 files changed, 7 insertions(+), 3 deletions(-)
-
---- a/fs/ksmbd/Kconfig
-+++ b/fs/ksmbd/Kconfig
-@@ -10,6 +10,7 @@ config SMB_SERVER
- 	select CRYPTO_HMAC
- 	select CRYPTO_ECB
- 	select CRYPTO_LIB_DES
-+	select CRYPTO_LIB_UTILS
- 	select CRYPTO_SHA256
- 	select CRYPTO_CMAC
- 	select CRYPTO_SHA512
---- a/fs/ksmbd/auth.c
-+++ b/fs/ksmbd/auth.c
-@@ -13,6 +13,7 @@
- #include <linux/xattr.h>
- #include <crypto/hash.h>
- #include <crypto/aead.h>
-+#include <crypto/utils.h>
- #include <linux/random.h>
- #include <linux/scatterlist.h>
- 
-@@ -281,7 +282,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn
- 		goto out;
- 	}
- 
--	if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
-+	if (crypto_memneq(ntlmv2->ntlmv2_hash, ntlmv2_rsp,
-+			  CIFS_HMAC_MD5_HASH_SIZE))
- 		rc = -EINVAL;
- out:
- 	if (ctx)
---- a/fs/ksmbd/smb2pdu.c
-+++ b/fs/ksmbd/smb2pdu.c
-@@ -4,6 +4,7 @@
-  *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
-  */
- 
-+#include <crypto/utils.h>
- #include <linux/inetdevice.h>
- #include <net/addrconf.h>
- #include <linux/syscalls.h>
-@@ -8440,7 +8441,7 @@ int smb2_check_sign_req(struct ksmbd_wor
- 				signature))
- 		return 0;
- 
--	if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
-+	if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
- 		pr_err("bad smb2 signature\n");
- 		return 0;
- 	}
-@@ -8528,7 +8529,7 @@ int smb3_check_sign_req(struct ksmbd_wor
- 	if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature))
- 		return 0;
- 
--	if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
-+	if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
- 		pr_err("bad smb2 signature\n");
- 		return 0;
- 	}
diff --git a/queue-5.15/series b/queue-5.15/series
index 37f6671c6d..8a93d35375 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -247,7 +247,6 @@ fs-fcntl-fix-softirq-unsafe-lock-order-in-fasync-signaling.patch
 mm-damon-ops-common-call-folio_test_lru-after-folio_.patch
 io_uring-poll-fix-signed-comparison-in-io_poll_get_ownership.patch
 net-tcp-md5-fix-mac-comparison-to-be-constant-time.patch
-ksmbd-compare-macs-in-constant-time.patch
 lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch
 f2fs-fix-to-do-sanity-check-on-dcc-discard_cmd_cnt-conditionally.patch
 f2fs-fix-uaf-caused-by-decrementing-sbi-nr_pages-in-f2fs_write_end_io.patch