From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 18 Feb 2022 10:37:41 +0000 (+0100)
Subject: drop queue-5.10/btrfs-tree-checker-check-item_size-for-dev_item.patch
X-Git-Tag: v4.9.303~63
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=51302415da14292aef245b77f9d111fb6a412261;p=thirdparty%2Fkernel%2Fstable-queue.git

drop queue-5.10/btrfs-tree-checker-check-item_size-for-dev_item.patch
---

diff --git a/queue-5.10/btrfs-tree-checker-check-item_size-for-dev_item.patch b/queue-5.10/btrfs-tree-checker-check-item_size-for-dev_item.patch
deleted file mode 100644
index 273d1a64216..00000000000
--- a/queue-5.10/btrfs-tree-checker-check-item_size-for-dev_item.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5811a731fdbc775afd25f9b3f907ae7e939861a9 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 21 Jan 2022 17:33:35 +0800
-Subject: btrfs: tree-checker: check item_size for dev_item
-
-From: Su Yue <l@damenly.su>
-
-[ Upstream commit ea1d1ca4025ac6c075709f549f9aa036b5b6597d ]
-
-Check item size before accessing the device item to avoid out of bound
-access, similar to inode_item check.
-
-Signed-off-by: Su Yue <l@damenly.su>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/btrfs/tree-checker.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
-index d4a3a56726aa8..4a5ee516845f7 100644
---- a/fs/btrfs/tree-checker.c
-+++ b/fs/btrfs/tree-checker.c
-@@ -947,6 +947,7 @@ static int check_dev_item(struct extent_buffer *leaf,
- 			  struct btrfs_key *key, int slot)
- {
- 	struct btrfs_dev_item *ditem;
-+	const u32 item_size = btrfs_item_size(leaf, slot);
- 
- 	if (key->objectid != BTRFS_DEV_ITEMS_OBJECTID) {
- 		dev_item_err(leaf, slot,
-@@ -954,6 +955,13 @@ static int check_dev_item(struct extent_buffer *leaf,
- 			     key->objectid, BTRFS_DEV_ITEMS_OBJECTID);
- 		return -EUCLEAN;
- 	}
-+
-+	if (unlikely(item_size != sizeof(*ditem))) {
-+		dev_item_err(leaf, slot, "invalid item size: has %u expect %zu",
-+			     item_size, sizeof(*ditem));
-+		return -EUCLEAN;
-+	}
-+
- 	ditem = btrfs_item_ptr(leaf, slot, struct btrfs_dev_item);
- 	if (btrfs_device_id(leaf, ditem) != key->offset) {
- 		dev_item_err(leaf, slot,
--- 
-2.34.1
-
diff --git a/queue-5.10/series b/queue-5.10/series
index 939d532d8cb..26ff02588b8 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -32,7 +32,6 @@ selftests-skip-mincore.check_file_mmap-when-fs-lacks.patch
 ax25-improve-the-incomplete-fix-to-avoid-uaf-and-npd.patch
 vfs-make-freeze_super-abort-when-sync_filesystem-ret.patch
 quota-make-dquot_quota_sync-return-errors-from-sync_.patch
-btrfs-tree-checker-check-item_size-for-dev_item.patch
 scsi-pm8001-fix-use-after-free-for-aborted-tmf-sas_t.patch
 scsi-pm8001-fix-use-after-free-for-aborted-ssp-stp-s.patch
 nvme-fix-a-possible-use-after-free-in-controller-res.patch