Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting"

This reverts commit 748144f35514aef14c4fdef5bcaa0db99cb9367a which is
commit f46ecbd97f508e68a7806291a139499794874f3d upstream.

Philip reports:
	seems adding "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2
	ACE setting" (commit 748144f) [1] created a regression within linux
	v4.14 kernel series. Writing to a mounted cifs either freezes on writing
	or crashes the PC. A more detailed explanation you may find in our
	forums [2]. Reverting the patch, seems to "fix" it. Thoughts?

	[2] https://forum.manjaro.org/t/53250

Reported-by: Philip Müller <philm@manjaro.org>
Cc: Jianhong Yin <jiyin@redhat.com>
Cc: Stefano Brivio <sbrivio@redhat.com>
Cc: Aurelien Aptel <aaptel@suse.com>
Cc: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 0480cd9..71b8198 100644 (file)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -338,10 +338,7 @@ smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
                return rc;
 
        /* BB eventually switch this to SMB2 specific small buf size */
-       if (smb2_command == SMB2_SET_INFO)
-               *request_buf = cifs_buf_get();
-       else
-               *request_buf = cifs_small_buf_get();
+       *request_buf = cifs_small_buf_get();
        if (*request_buf == NULL) {
                /* BB should we add a retry in here if not a writepage? */
                return -ENOMEM;
@@ -3171,7 +3168,7 @@ send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
        }
 
        rc = SendReceive2(xid, ses, iov, num, &resp_buftype, flags, &rsp_iov);
-       cifs_buf_release(req);
+       cifs_small_buf_release(req);
        rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
 
        if (rc != 0)