3.2-stable patches

added patches:
	xfs-fix-acl-count-validation-in-xfs_acl_from_disk.patch

diff --git a/queue-3.2/series b/queue-3.2/series
index 565c760f42b8a6b2dd51e7204e8820d8c1f718f6..7724b3389c55f4c6016c1aaf4d840c4013820516 100644 (file)
--- a/queue-3.2/series
+++ b/queue-3.2/series
@@ -46,3 +46,4 @@ igmp-avoid-zero-delay-when-receiving-odd-mixture-of-igmp-queries.patch
 asix-fix-infinite-loop-in-rx_fixup.patch
 bonding-fix-error-handling-if-slave-is-busy-v2.patch
 usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
+xfs-fix-acl-count-validation-in-xfs_acl_from_disk.patch

diff --git a/queue-3.2/xfs-fix-acl-count-validation-in-xfs_acl_from_disk.patch b/queue-3.2/xfs-fix-acl-count-validation-in-xfs_acl_from_disk.patch
new file mode 100644 (file)
index 0000000..b8a71e4
--- /dev/null
+++ b/queue-3.2/xfs-fix-acl-count-validation-in-xfs_acl_from_disk.patch
@@ -0,0 +1,32 @@
+From 093019cf1b18dd31b2c3b77acce4e000e2cbc9ce Mon Sep 17 00:00:00 2001
+From: Xi Wang <xi.wang@gmail.com>
+Date: Mon, 12 Dec 2011 21:55:52 +0000
+Subject: xfs: fix acl count validation in xfs_acl_from_disk()
+
+From: Xi Wang <xi.wang@gmail.com>
+
+commit 093019cf1b18dd31b2c3b77acce4e000e2cbc9ce upstream.
+
+Commit fa8b18ed didn't prevent the integer overflow and possible
+memory corruption.  "count" can go negative and bypass the check.
+
+Signed-off-by: Xi Wang <xi.wang@gmail.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Ben Myers <bpm@sgi.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/xfs/xfs_acl.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/xfs/xfs_acl.c
++++ b/fs/xfs/xfs_acl.c
+@@ -39,7 +39,7 @@ xfs_acl_from_disk(struct xfs_acl *aclp)
+       struct posix_acl_entry *acl_e;
+       struct posix_acl *acl;
+       struct xfs_acl_entry *ace;
+-      int count, i;
++      unsigned int count, i;
+ 
+       count = be32_to_cpu(aclp->acl_cnt);
+       if (count > XFS_ACL_MAX_ENTRIES)