
Commit 4168a842 authored by Greg Kroah-Hartman

Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting"

This reverts commit 748144f3 which is
commit f46ecbd97f508e68a7806291a139499794874f3d upstream.

Philip reports:
	seems adding "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2
	ACE setting" (commit 748144f3) [1] created a regression within linux
	v4.14 kernel series. Writing to a mounted cifs either freezes on writing
	or crashes the PC. A more detailed explanation you may find in our
	forums [2]. Reverting the patch, seems to "fix" it. Thoughts?

	[2] https://forum.manjaro.org/t/53250



Reported-by: Philip Müller <philm@manjaro.org>
Cc: Jianhong Yin <jiyin@redhat.com>
Cc: Stefano Brivio <sbrivio@redhat.com>
Cc: Aurelien Aptel <aaptel@suse.com>
Cc: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f952480a
+2 −5
@@ -338,9 +338,6 @@ smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
		return rc;

	/* BB eventually switch this to SMB2 specific small buf size */
	if (smb2_command == SMB2_SET_INFO)
		*request_buf = cifs_buf_get();
	else
	*request_buf = cifs_small_buf_get();
	if (*request_buf == NULL) {
		/* BB should we add a retry in here if not a writepage? */
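Review bot: With the SMB2_SET_INFO branch dropped from smb2_plain_req_init(), set-info requests are again built in a cifs_small_buf_get() buffer, which, going by the title of the reverted commit, is the slab-out-of-bounds condition in send_set_info() on ACE setting. The commit message should state that this is knowingly reopened in exchange for fixing the write freeze/crash, and name the intended follow-up, so the revert is not left as the final state of this branch. The surviving "BB eventually switch this to SMB2 specific small buf size" comment would be a reasonable place to record that SET_INFO requests are the known problem case for this allocation.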
@@ -3171,7 +3168,7 @@ send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
	}

	rc = SendReceive2(xid, ses, iov, num, &resp_buftype, flags, &rsp_iov);
	cifs_buf_release(req);
	cifs_small_buf_release(req);
	rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;

	if (rc != 0)
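Review bot: The switch back to cifs_small_buf_release(req) in send_set_info() is only correct because smb2_plain_req_init() now always allocates with cifs_small_buf_get(); nothing in the code ties the two calls together, and a mismatch hands the buffer back to the wrong pool. Please confirm that no other path releases an SMB2_SET_INFO request with a different release call, and consider a short comment at this release naming the allocator it pairs with. The message also does not identify why the original change caused freezes on write, which would help whoever re-attempts the fix.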