+++ /dev/null
-From 041d7b98ffe59c59fdd639931dea7d74f9aa9a59 Mon Sep 17 00:00:00 2001
-From: Richard Guy Briggs <rgb@redhat.com>
-Date: Tue, 23 Dec 2014 13:02:04 -0500
-Subject: audit: restore AUDIT_LOGINUID unset ABI
-
-From: Richard Guy Briggs <rgb@redhat.com>
-
-commit 041d7b98ffe59c59fdd639931dea7d74f9aa9a59 upstream.
-
-A regression was caused by commit 780a7654cee8:
- audit: Make testing for a valid loginuid explicit.
-(which in turn attempted to fix a regression caused by e1760bd)
-
-When audit_krule_to_data() fills in the rules to get a listing, there was a
-missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID.
-
-This broke userspace by not returning the same information that was sent and
-expected.
-
-The rule:
- auditctl -a exit,never -F auid=-1
-gives:
- auditctl -l
- LIST_RULES: exit,never f24=0 syscall=all
-when it should give:
- LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all
-
-Tag it so that it is reported the same way it was set. Create a new
-private flags audit_krule field (pflags) to store it that won't interact with
-the public one from the API.
-
-Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
-Signed-off-by: Paul Moore <pmoore@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/linux/audit.h | 4 ++++
- kernel/auditfilter.c | 10 ++++++++++
- 2 files changed, 14 insertions(+)
-
---- a/include/linux/audit.h
-+++ b/include/linux/audit.h
-@@ -46,6 +46,7 @@ struct audit_tree;
-
- struct audit_krule {
- int vers_ops;
-+ u32 pflags;
- u32 flags;
- u32 listnr;
- u32 action;
-@@ -63,6 +64,9 @@ struct audit_krule {
- u64 prio;
- };
-
-+/* Flag to indicate legacy AUDIT_LOGINUID unset usage */
-+#define AUDIT_LOGINUID_LEGACY 0x1
-+
- struct audit_field {
- u32 type;
- u32 val;
---- a/kernel/auditfilter.c
-+++ b/kernel/auditfilter.c
-@@ -426,6 +426,7 @@ static struct audit_entry *audit_data_to
- if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295)) {
- f->type = AUDIT_LOGINUID_SET;
- f->val = 0;
-+ entry->rule.pflags |= AUDIT_LOGINUID_LEGACY;
- }
-
- err = audit_field_valid(entry, f);
-@@ -601,6 +602,13 @@ static struct audit_rule_data *audit_kru
- data->buflen += data->values[i] =
- audit_pack_string(&bufp, krule->filterkey);
- break;
-+ case AUDIT_LOGINUID_SET:
-+ if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) {
-+ data->fields[i] = AUDIT_LOGINUID;
-+ data->values[i] = AUDIT_UID_UNSET;
-+ break;
-+ }
-+ /* fallthrough if set */
- default:
- data->values[i] = f->val;
- }
-@@ -617,6 +625,7 @@ static int audit_compare_rule(struct aud
- int i;
-
- if (a->flags != b->flags ||
-+ a->pflags != b->pflags ||
- a->listnr != b->listnr ||
- a->action != b->action ||
- a->field_count != b->field_count)
-@@ -735,6 +744,7 @@ struct audit_entry *audit_dupe_rule(stru
- new = &entry->rule;
- new->vers_ops = old->vers_ops;
- new->flags = old->flags;
-+ new->pflags = old->pflags;
- new->listnr = old->listnr;
- new->action = old->action;
- for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
userns-add-a-knob-to-disable-setgroups-on-a-per-user-namespace-basis.patch
userns-allow-setting-gid_maps-without-privilege-when-setgroups-is-disabled.patch
userns-unbreak-the-unprivileged-remount-tests.patch
-audit-restore-audit_loginuid-unset-abi.patch
crypto-af_alg-fix-backlog-handling.patch
ncpfs-return-proper-error-from-ncp_ioc_setroot-ioctl.patch
exit-pidns-alloc_pid-leaks-pid_namespace-if-child_reaper-is-exiting.patch
-udf-check-path-length-when-reading-symlink.patch
-udf-verify-i_size-when-loading-inode.patch
udf-verify-symlink-size-before-loading-it.patch
-udf-check-component-length-before-reading-it.patch
ecryptfs-force-ro-mount-when-encrypted-view-is-enabled.patch
ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch
btrfs-do-not-move-em-to-modified-list-when-unpinning.patch
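Review bot: Three of the four queued UDF input-validation fixes are removed from the series here (udf-check-path-length-when-reading-symlink, udf-verify-i_size-when-loading-inode, udf-check-component-length-before-reading-it), leaving only udf-verify-symlink-size-before-loading-it.patch, and nothing visible on the page records why. By their own descriptions the dropped patches bound the expanded symlink path to the page, reject component lengths that run past the input buffer, and reject an inconsistent i_size for in-ICB files, so a tree built from this queue would still lack those checks for a corrupted UDF image. If they were dropped because they do not apply or build on this tree, the commit message should say so and point to the backport that will replace them. The refreshed offsets in the kept patch (99→80, 113→94, 130→109) are consistent with the path-length patch no longer being applied ahead of it, so it is worth confirming that the kept patch still makes sense on its own.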
+++ /dev/null
-From e237ec37ec154564f8690c5bd1795339955eeef9 Mon Sep 17 00:00:00 2001
-From: Jan Kara <jack@suse.cz>
-Date: Fri, 19 Dec 2014 14:27:55 +0100
-Subject: udf: Check component length before reading it
-
-From: Jan Kara <jack@suse.cz>
-
-commit e237ec37ec154564f8690c5bd1795339955eeef9 upstream.
-
-Check that length specified in a component of a symlink fits in the
-input buffer we are reading. Also properly ignore component length for
-component types that do not use it. Otherwise we read memory after end
-of buffer for corrupted udf image.
-
-Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
-Signed-off-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/udf/symlink.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
---- a/fs/udf/symlink.c
-+++ b/fs/udf/symlink.c
-@@ -42,14 +42,17 @@ static int udf_pc_to_char(struct super_b
- tolen--;
- while (elen < fromlen) {
- pc = (struct pathComponent *)(from + elen);
-+ elen += sizeof(struct pathComponent);
- switch (pc->componentType) {
- case 1:
- /*
- * Symlink points to some place which should be agreed
- * upon between originator and receiver of the media. Ignore.
- */
-- if (pc->lengthComponentIdent > 0)
-+ if (pc->lengthComponentIdent > 0) {
-+ elen += pc->lengthComponentIdent;
- break;
-+ }
- /* Fall through */
- case 2:
- if (tolen == 0)
-@@ -74,6 +77,9 @@ static int udf_pc_to_char(struct super_b
- /* that would be . - just ignore */
- break;
- case 5:
-+ elen += pc->lengthComponentIdent;
-+ if (elen > fromlen)
-+ return -EIO;
- comp_len = udf_get_filename(sb, pc->componentIdent,
- pc->lengthComponentIdent,
- p, tolen);
-@@ -85,7 +91,6 @@ static int udf_pc_to_char(struct super_b
- tolen--;
- break;
- }
-- elen += sizeof(struct pathComponent) + pc->lengthComponentIdent;
- }
- if (p > to + 1)
- p[-1] = '\0';
+++ /dev/null
-From 0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 Mon Sep 17 00:00:00 2001
-From: Jan Kara <jack@suse.cz>
-Date: Thu, 18 Dec 2014 22:37:50 +0100
-Subject: udf: Check path length when reading symlink
-
-From: Jan Kara <jack@suse.cz>
-
-commit 0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 upstream.
-
-Symlink reading code does not check whether the resulting path fits into
-the page provided by the generic code. This isn't as easy as just
-checking the symlink size because of various encoding conversions we
-perform on path. So we have to check whether there is still enough space
-in the buffer on the fly.
-
-Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
-Signed-off-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/udf/dir.c | 2 ++
- fs/udf/namei.c | 3 ++-
- fs/udf/symlink.c | 31 ++++++++++++++++++++++++++-----
- fs/udf/udfdecl.h | 3 ++-
- fs/udf/unicode.c | 28 ++++++++++++++++------------
- 5 files changed, 48 insertions(+), 19 deletions(-)
-
---- a/fs/udf/dir.c
-+++ b/fs/udf/dir.c
-@@ -164,6 +164,8 @@ static int do_udf_readdir(struct inode *
-
- iblock = udf_get_lb_pblock(dir->i_sb, &tloc, 0);
- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi);
-+ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname,
-+ UDF_NAME_LEN);
- dt_type = DT_UNKNOWN;
- }
-
---- a/fs/udf/namei.c
-+++ b/fs/udf/namei.c
-@@ -233,7 +233,8 @@ static struct fileIdentDesc *udf_find_en
- if (!lfi)
- continue;
-
-- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi);
-+ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname,
-+ UDF_NAME_LEN);
- if (flen && udf_match(flen, fname, child->len, child->name))
- goto out_ok;
- }
---- a/fs/udf/symlink.c
-+++ b/fs/udf/symlink.c
-@@ -30,13 +30,16 @@
- #include <linux/buffer_head.h>
- #include "udf_i.h"
-
--static void udf_pc_to_char(struct super_block *sb, unsigned char *from,
-- int fromlen, unsigned char *to)
-+static int udf_pc_to_char(struct super_block *sb, unsigned char *from,
-+ int fromlen, unsigned char *to, int tolen)
- {
- struct pathComponent *pc;
- int elen = 0;
-+ int comp_len;
- unsigned char *p = to;
-
-+ /* Reserve one byte for terminating \0 */
-+ tolen--;
- while (elen < fromlen) {
- pc = (struct pathComponent *)(from + elen);
- switch (pc->componentType) {
-@@ -49,22 +52,37 @@ static void udf_pc_to_char(struct super_
- break;
- /* Fall through */
- case 2:
-+ if (tolen == 0)
-+ return -ENAMETOOLONG;
- p = to;
- *p++ = '/';
-+ tolen--;
- break;
- case 3:
-+ if (tolen < 3)
-+ return -ENAMETOOLONG;
- memcpy(p, "../", 3);
- p += 3;
-+ tolen -= 3;
- break;
- case 4:
-+ if (tolen < 2)
-+ return -ENAMETOOLONG;
- memcpy(p, "./", 2);
- p += 2;
-+ tolen -= 2;
- /* that would be . - just ignore */
- break;
- case 5:
-- p += udf_get_filename(sb, pc->componentIdent, p,
-- pc->lengthComponentIdent);
-+ comp_len = udf_get_filename(sb, pc->componentIdent,
-+ pc->lengthComponentIdent,
-+ p, tolen);
-+ p += comp_len;
-+ tolen -= comp_len;
-+ if (tolen == 0)
-+ return -ENAMETOOLONG;
- *p++ = '/';
-+ tolen--;
- break;
- }
- elen += sizeof(struct pathComponent) + pc->lengthComponentIdent;
-@@ -73,6 +91,7 @@ static void udf_pc_to_char(struct super_
- p[-1] = '\0';
- else
- p[0] = '\0';
-+ return 0;
- }
-
- static int udf_symlink_filler(struct file *file, struct page *page)
-@@ -100,8 +119,10 @@ static int udf_symlink_filler(struct fil
- symlink = bh->b_data;
- }
-
-- udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p);
-+ err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE);
- brelse(bh);
-+ if (err)
-+ goto out_unlock_inode;
-
- up_read(&iinfo->i_data_sem);
- SetPageUptodate(page);
---- a/fs/udf/udfdecl.h
-+++ b/fs/udf/udfdecl.h
-@@ -201,7 +201,8 @@ udf_get_lb_pblock(struct super_block *sb
- }
-
- /* unicode.c */
--extern int udf_get_filename(struct super_block *, uint8_t *, uint8_t *, int);
-+extern int udf_get_filename(struct super_block *, uint8_t *, int, uint8_t *,
-+ int);
- extern int udf_put_filename(struct super_block *, const uint8_t *, uint8_t *,
- int);
- extern int udf_build_ustr(struct ustr *, dstring *, int);
---- a/fs/udf/unicode.c
-+++ b/fs/udf/unicode.c
-@@ -28,7 +28,8 @@
-
- #include "udf_sb.h"
-
--static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int);
-+static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *,
-+ int);
-
- static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen)
- {
-@@ -333,8 +334,8 @@ try_again:
- return u_len + 1;
- }
-
--int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname,
-- int flen)
-+int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen,
-+ uint8_t *dname, int dlen)
- {
- struct ustr *filename, *unifilename;
- int len = 0;
-@@ -347,7 +348,7 @@ int udf_get_filename(struct super_block
- if (!unifilename)
- goto out1;
-
-- if (udf_build_ustr_exact(unifilename, sname, flen))
-+ if (udf_build_ustr_exact(unifilename, sname, slen))
- goto out2;
-
- if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) {
-@@ -366,7 +367,8 @@ int udf_get_filename(struct super_block
- } else
- goto out2;
-
-- len = udf_translate_to_linux(dname, filename->u_name, filename->u_len,
-+ len = udf_translate_to_linux(dname, dlen,
-+ filename->u_name, filename->u_len,
- unifilename->u_name, unifilename->u_len);
- out2:
- kfree(unifilename);
-@@ -403,10 +405,12 @@ int udf_put_filename(struct super_block
- #define EXT_MARK '.'
- #define CRC_MARK '#'
- #define EXT_SIZE 5
-+/* Number of chars we need to store generated CRC to make filename unique */
-+#define CRC_LEN 5
-
--static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName,
-- int udfLen, uint8_t *fidName,
-- int fidNameLen)
-+static int udf_translate_to_linux(uint8_t *newName, int newLen,
-+ uint8_t *udfName, int udfLen,
-+ uint8_t *fidName, int fidNameLen)
- {
- int index, newIndex = 0, needsCRC = 0;
- int extIndex = 0, newExtIndex = 0, hasExt = 0;
-@@ -440,7 +444,7 @@ static int udf_translate_to_linux(uint8_
- newExtIndex = newIndex;
- }
- }
-- if (newIndex < 256)
-+ if (newIndex < newLen)
- newName[newIndex++] = curr;
- else
- needsCRC = 1;
-@@ -468,13 +472,13 @@ static int udf_translate_to_linux(uint8_
- }
- ext[localExtIndex++] = curr;
- }
-- maxFilenameLen = 250 - localExtIndex;
-+ maxFilenameLen = newLen - CRC_LEN - localExtIndex;
- if (newIndex > maxFilenameLen)
- newIndex = maxFilenameLen;
- else
- newIndex = newExtIndex;
-- } else if (newIndex > 250)
-- newIndex = 250;
-+ } else if (newIndex > newLen - CRC_LEN)
-+ newIndex = newLen - CRC_LEN;
- newName[newIndex++] = CRC_MARK;
- valueCRC = crc_itu_t(0, fidName, fidNameLen);
- newName[newIndex++] = hexChar[(valueCRC & 0xf000) >> 12];
+++ /dev/null
-From e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 Mon Sep 17 00:00:00 2001
-From: Jan Kara <jack@suse.cz>
-Date: Fri, 19 Dec 2014 12:03:53 +0100
-Subject: udf: Verify i_size when loading inode
-
-From: Jan Kara <jack@suse.cz>
-
-commit e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 upstream.
-
-Verify that inode size is sane when loading inode with data stored in
-ICB. Otherwise we may get confused later when working with the inode and
-inode size is too big.
-
-Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
-Signed-off-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/udf/inode.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
---- a/fs/udf/inode.c
-+++ b/fs/udf/inode.c
-@@ -1495,6 +1495,20 @@ static void udf_fill_inode(struct inode
- iinfo->i_checkpoint = le32_to_cpu(efe->checkpoint);
- }
-
-+ /* Sanity checks for files in ICB so that we don't get confused later */
-+ if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
-+ /*
-+ * For file in ICB data is stored in allocation descriptor
-+ * so sizes should match
-+ */
-+ if (iinfo->i_lenAlloc != inode->i_size)
-+ goto out;
-+ /* File in ICB has to fit in there... */
-+ if (inode->i_size > inode->i_sb->s_blocksize -
-+ udf_file_entry_alloc_offset(inode))
-+ goto out;
-+ }
-+
- switch (fe->icbTag.fileType) {
- case ICBTAG_FILE_TYPE_DIRECTORY:
- inode->i_op = &udf_dir_inode_operations;
--- a/fs/udf/symlink.c
+++ b/fs/udf/symlink.c
-@@ -99,11 +99,17 @@ static int udf_symlink_filler(struct fil
+@@ -80,11 +80,17 @@ static int udf_symlink_filler(struct fil
struct inode *inode = page->mapping->host;
struct buffer_head *bh = NULL;
unsigned char *symlink;
iinfo = UDF_I(inode);
pos = udf_block_map(inode, 0);
-@@ -113,8 +119,10 @@ static int udf_symlink_filler(struct fil
+@@ -94,8 +100,10 @@ static int udf_symlink_filler(struct fil
} else {
bh = sb_bread(inode->i_sb, pos);
symlink = bh->b_data;
}
-@@ -130,9 +138,10 @@ static int udf_symlink_filler(struct fil
+@@ -109,9 +117,10 @@ static int udf_symlink_filler(struct fil
unlock_page(page);
return 0;