From: Greg Kroah-Hartman Date: Wed, 4 Sep 2024 09:35:21 +0000 (+0200) Subject: drop queue-5.15/ksmbd-the-buffer-of-smb2-query-dir-response-has-at-l.patch X-Git-Tag: v4.19.321~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5d3eba00f19a2d67c34483b745a0953e7cb0dde;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-5.15/ksmbd-the-buffer-of-smb2-query-dir-response-has-at-l.patch I think it will be coming back, but what do I know... --- diff --git a/queue-5.15/ksmbd-the-buffer-of-smb2-query-dir-response-has-at-l.patch b/queue-5.15/ksmbd-the-buffer-of-smb2-query-dir-response-has-at-l.patch deleted file mode 100644 index f6f66fad456..00000000000 --- a/queue-5.15/ksmbd-the-buffer-of-smb2-query-dir-response-has-at-l.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 50f20b1d64076cd63bbc32b19f97968b547e7f2d Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Tue, 20 Aug 2024 22:07:38 +0900 -Subject: ksmbd: the buffer of smb2 query dir response has at least 1 byte - -From: Namjae Jeon - -[ Upstream commit ce61b605a00502c59311d0a4b1f58d62b48272d0 ] - -When STATUS_NO_MORE_FILES status is set to smb2 query dir response, -->StructureSize is set to 9, which mean buffer has 1 byte. -This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to -flex-array. - -Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") -Cc: stable@vger.kernel.org # v6.1+ -Signed-off-by: Namjae Jeon -Signed-off-by: Steve French -Signed-off-by: Sasha Levin ---- - fs/ksmbd/smb2pdu.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c -index 57f59172d8212..3458f2ae5cee4 100644 ---- a/fs/ksmbd/smb2pdu.c -+++ b/fs/ksmbd/smb2pdu.c -@@ -4160,7 +4160,8 @@ int smb2_query_dir(struct ksmbd_work *work) - rsp->OutputBufferLength = cpu_to_le32(0); - rsp->Buffer[0] = 0; - rc = ksmbd_iov_pin_rsp(work, (void *)rsp, -- sizeof(struct smb2_query_directory_rsp)); -+ offsetof(struct smb2_query_directory_rsp, Buffer) -+ + 1); - if (rc) - goto err_out; - } else { --- -2.43.0 - diff --git a/queue-5.15/series b/queue-5.15/series index f412f589853..1a8641eb4f6 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -183,7 +183,6 @@ drm-amdkfd-don-t-allow-mapping-the-mmio-hdp-page-with-large-pages.patch ata-libata-core-fix-null-pointer-dereference-on-error.patch cgroup-cpuset-prevent-uaf-in-proc_cpuset_show.patch net-rds-fix-possible-deadlock-in-rds_message_put.patch -ksmbd-the-buffer-of-smb2-query-dir-response-has-at-l.patch soundwire-stream-fix-programming-slave-ports-for-non-continous-port-maps.patch pm-core-remove-define_universal_dev_pm_ops-macro.patch pm-core-add-export-_gpl-_simple_dev_pm_ops-macros.patch
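Review bot: The commit message gives no reason for dropping this patch from queue-5.15, and "I think it will be coming back" does not say what has to change before it can be re-queued. The deleted patch's own header carries "Cc: stable@vger.kernel.org # v6.1+" and "Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays")", and its description ties the bug to ->Buffer[1] in smb2_query_directory_rsp becoming a flex-array. If the drop is because that conversion is not in the 5.15 tree, state that in the message. If the cause is something else, such as a build failure or a missing dependency, name it, so a later re-queue of the offsetof(struct smb2_query_directory_rsp, Buffer) + 1 change can be checked against the actual struct layout in 5.15.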
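Review bot: The series hunk removes the entry from queue-5.15/series only, and the diff touches no other queue directory. Since the dropped patch is tagged for v6.1+, any other queue older than 6.1 that picked up the same file would need the same removal. Either confirm that 5.15 was the only such queue carrying it, or say so in the commit message, so the drop is not repeated piecemeal.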