]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
3.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Apr 2013 16:32:21 +0000 (09:32 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Apr 2013 16:32:21 +0000 (09:32 -0700)
added patches:
crypto-algif-suppress-sending-source-address-information.patch
revert-sysfs-fix-race-between-readdir-and-lseek.patch

queue-3.0/crypto-algif-suppress-sending-source-address-information.patch [new file with mode: 0644]
queue-3.0/revert-sysfs-fix-race-between-readdir-and-lseek.patch [new file with mode: 0644]
queue-3.0/series

diff --git a/queue-3.0/crypto-algif-suppress-sending-source-address-information.patch b/queue-3.0/crypto-algif-suppress-sending-source-address-information.patch
new file mode 100644 (file)
index 0000000..dc4d54e
--- /dev/null
@@ -0,0 +1,43 @@
+From 72a763d805a48ac8c0bf48fdb510e84c12de51fe Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sun, 7 Apr 2013 14:05:39 +0200
+Subject: crypto: algif - suppress sending source address information in recvmsg
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe upstream.
+
+The current code does not set the msg_namelen member to 0 and therefore
+makes net/socket.c leak the local sockaddr_storage variable to userland
+-- 128 bytes of kernel stack memory. Fix that.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algif_hash.c     |    2 ++
+ crypto/algif_skcipher.c |    1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -159,6 +159,8 @@ static int hash_recvmsg(struct kiocb *un
+       else if (len < ds)
+               msg->msg_flags |= MSG_TRUNC;
++      msg->msg_namelen = 0;
++
+       lock_sock(sk);
+       if (ctx->more) {
+               ctx->more = 0;
+--- a/crypto/algif_skcipher.c
++++ b/crypto/algif_skcipher.c
+@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb
+       long copied = 0;
+       lock_sock(sk);
++      msg->msg_namelen = 0;
+       for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
+            iovlen--, iov++) {
+               unsigned long seglen = iov->iov_len;
diff --git a/queue-3.0/revert-sysfs-fix-race-between-readdir-and-lseek.patch b/queue-3.0/revert-sysfs-fix-race-between-readdir-and-lseek.patch
new file mode 100644 (file)
index 0000000..d6e4f2d
--- /dev/null
@@ -0,0 +1,54 @@
+From jkosina@suse.cz  Mon Apr 22 09:30:43 2013
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Mon, 22 Apr 2013 15:40:15 +0200 (CEST)
+Subject: Revert "sysfs: fix race between readdir and lseek"
+To: stable@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Message-ID: <alpine.LNX.2.00.1304221537480.1341@pobox.suse.cz>
+
+From: Jiri Kosina <jkosina@suse.cz>
+
+This reverts commit 991f76f837bf22c5bb07261cfd86525a0a96650c in Linus'
+tree which is f366c8f271888f48e15cc7c0ab70f184c220c8a4 in
+linux-stable.git
+
+It depends on ef3d0fd27e90f ("vfs: do (nearly) lockless generic_file_llseek")
+which is available only in 3.2+.
+
+When applied on 3.0 codebase, it causes A-A deadlock, whenever anyone does
+seek() on sysfs, as both generic_file_llseek() and sysfs_dir_llseek() obtain
+i_mutex.
+
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Cc: Jiri Slaby <jslaby@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/sysfs/dir.c |   14 +-------------
+ 1 file changed, 1 insertion(+), 13 deletions(-)
+
+--- a/fs/sysfs/dir.c
++++ b/fs/sysfs/dir.c
+@@ -959,21 +959,9 @@ static int sysfs_readdir(struct file * f
+       return 0;
+ }
+-static loff_t sysfs_dir_llseek(struct file *file, loff_t offset, int whence)
+-{
+-      struct inode *inode = file->f_path.dentry->d_inode;
+-      loff_t ret;
+-
+-      mutex_lock(&inode->i_mutex);
+-      ret = generic_file_llseek(file, offset, whence);
+-      mutex_unlock(&inode->i_mutex);
+-
+-      return ret;
+-}
+-
+ const struct file_operations sysfs_dir_operations = {
+       .read           = generic_read_dir,
+       .readdir        = sysfs_readdir,
+       .release        = sysfs_dir_release,
+-      .llseek         = sysfs_dir_llseek,
++      .llseek         = generic_file_llseek,
+ };
index 31ef644a44394a5804de982097e954bbbce0a8f4..524843f673a5ef2fb474e83b14212aa4061c0a7f 100644 (file)
@@ -12,3 +12,5 @@ arm-7696-1-fix-kexec-by-setting-outer_cache.inv_all-for-feroceon.patch
 ath9k_htc-accept-1.x-firmware-newer-than-1.3.patch
 
 sched-convert-bug_on-s-in-try_to_wake_up_local-to-warn_on_once-s.patch
+crypto-algif-suppress-sending-source-address-information.patch
+revert-sysfs-fix-race-between-readdir-and-lseek.patch