4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Feb 2018 20:07:31 +0000 (12:07 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Feb 2018 20:07:31 +0000 (12:07 -0800)
added patches:
don-t-put-symlink-bodies-in-pagecache-into-highmem.patch
keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch

queue-4.4/don-t-put-symlink-bodies-in-pagecache-into-highmem.patch [new file with mode: 0644]
queue-4.4/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch [new file with mode: 0644]
queue-4.4/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/don-t-put-symlink-bodies-in-pagecache-into-highmem.patch b/queue-4.4/don-t-put-symlink-bodies-in-pagecache-into-highmem.patch
new file mode 100644 (file)
index 0000000..65673f2
--- /dev/null
@@ -0,0 +1,146 @@
+From 21fc61c73c3903c4c312d0802da01ec2b323d174 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Tue, 17 Nov 2015 01:07:57 -0500
+Subject: don't put symlink bodies in pagecache into highmem
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 21fc61c73c3903c4c312d0802da01ec2b323d174 upstream.
+
+kmap() in page_follow_link_light() needed to go - allowing to hold
+an arbitrary number of kmaps for long is a great way to deadlocking
+the system.
+
+new helper (inode_nohighmem(inode)) needs to be used for pagecache
+symlinks inodes; done for all in-tree cases.  page_follow_link_light()
+instrumented to yell about anything missed.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Jin Qian <jinqian@google.com>
+Signed-off-by: Jin Qian <jinqian@android.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c    |    1 +
+ fs/ext4/namei.c    |    1 +
+ fs/ext4/symlink.c  |   10 +++-------
+ fs/f2fs/inode.c    |    1 +
+ fs/f2fs/namei.c    |    5 ++---
+ fs/inode.c         |    6 ++++++
+ include/linux/fs.h |    1 +
+ 7 files changed, 15 insertions(+), 10 deletions(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -4417,6 +4417,7 @@ struct inode *ext4_iget(struct super_blo
+                       inode->i_op = &ext4_symlink_inode_operations;
+                       ext4_set_aops(inode);
+               }
++              inode_nohighmem(inode);
+       } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) ||
+             S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
+               inode->i_op = &ext4_special_inode_operations;
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -3151,6 +3151,7 @@ static int ext4_symlink(struct inode *di
+       if ((disk_link.len > EXT4_N_BLOCKS * 4)) {
+               if (!encryption_required)
+                       inode->i_op = &ext4_symlink_inode_operations;
++              inode_nohighmem(inode);
+               ext4_set_aops(inode);
+               /*
+                * We cannot call page_symlink() with transaction started
+--- a/fs/ext4/symlink.c
++++ b/fs/ext4/symlink.c
+@@ -45,7 +45,7 @@ static const char *ext4_encrypted_follow
+               cpage = read_mapping_page(inode->i_mapping, 0, NULL);
+               if (IS_ERR(cpage))
+                       return ERR_CAST(cpage);
+-              caddr = kmap(cpage);
++              caddr = page_address(cpage);
+               caddr[size] = 0;
+       }
+@@ -75,16 +75,12 @@ static const char *ext4_encrypted_follow
+       /* Null-terminate the name */
+       if (res <= plen)
+               paddr[res] = '\0';
+-      if (cpage) {
+-              kunmap(cpage);
++      if (cpage)
+               page_cache_release(cpage);
+-      }
+       return *cookie = paddr;
+ errout:
+-      if (cpage) {
+-              kunmap(cpage);
++      if (cpage)
+               page_cache_release(cpage);
+-      }
+       kfree(paddr);
+       return ERR_PTR(res);
+ }
+--- a/fs/f2fs/inode.c
++++ b/fs/f2fs/inode.c
+@@ -202,6 +202,7 @@ make_now:
+                       inode->i_op = &f2fs_encrypted_symlink_inode_operations;
+               else
+                       inode->i_op = &f2fs_symlink_inode_operations;
++              inode_nohighmem(inode);
+               inode->i_mapping->a_ops = &f2fs_dblock_aops;
+       } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) ||
+                       S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
+--- a/fs/f2fs/namei.c
++++ b/fs/f2fs/namei.c
+@@ -351,6 +351,7 @@ static int f2fs_symlink(struct inode *di
+               inode->i_op = &f2fs_encrypted_symlink_inode_operations;
+       else
+               inode->i_op = &f2fs_symlink_inode_operations;
++      inode_nohighmem(inode);
+       inode->i_mapping->a_ops = &f2fs_dblock_aops;
+       f2fs_lock_op(sbi);
+@@ -942,7 +943,7 @@ static const char *f2fs_encrypted_follow
+       cpage = read_mapping_page(inode->i_mapping, 0, NULL);
+       if (IS_ERR(cpage))
+               return ERR_CAST(cpage);
+-      caddr = kmap(cpage);
++      caddr = page_address(cpage);
+       caddr[size] = 0;
+       /* Symlink is encrypted */
+@@ -982,13 +983,11 @@ static const char *f2fs_encrypted_follow
+       /* Null-terminate the name */
+       paddr[res] = '\0';
+-      kunmap(cpage);
+       page_cache_release(cpage);
+       return *cookie = paddr;
+ errout:
+       kfree(cstr.name);
+       f2fs_fname_crypto_free_buffer(&pstr);
+-      kunmap(cpage);
+       page_cache_release(cpage);
+       return ERR_PTR(res);
+ }
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -2028,3 +2028,9 @@ void inode_set_flags(struct inode *inode
+                                 new_flags) != old_flags));
+ }
+ EXPORT_SYMBOL(inode_set_flags);
++
++void inode_nohighmem(struct inode *inode)
++{
++      mapping_set_gfp_mask(inode->i_mapping, GFP_USER);
++}
++EXPORT_SYMBOL(inode_nohighmem);
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -3066,5 +3066,6 @@ static inline bool dir_relax(struct inod
+ }
+ extern bool path_noexec(const struct path *path);
++extern void inode_nohighmem(struct inode *inode);
+ #endif /* _LINUX_FS_H */
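Review bot: The switch from `caddr = kmap(cpage)` to `caddr = page_address(cpage)` in the ext4 and f2fs encrypted follow_link paths is only safe if inode_nohighmem() has run on that inode before its first page-cache page is allocated. page_address() on an unmapped highmem page returns NULL, and the next line, `caddr[size] = 0`, would then dereference it. The description says page_follow_link_light() was instrumented to catch missed callers, but fs/namei.c is not in this backport's diffstat, so as far as this page shows 4.4 has no such check. I would state that in the backport description and put a cheap assertion ahead of the read in both helpers, e.g. `WARN_ON_ONCE(mapping_gfp_mask(inode->i_mapping) & __GFP_HIGHMEM);`. The new inode_nohighmem() would also benefit from a one-line comment such as `/* Keep this inode's page-cache pages out of highmem so page_address() on them is always valid. */`; the follow_link bodies start and end outside the hunks shown.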
diff --git a/queue-4.4/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch b/queue-4.4/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
new file mode 100644 (file)
index 0000000..614f8f1
--- /dev/null
@@ -0,0 +1,68 @@
+From 794b4bc292f5d31739d89c0202c54e7dc9bc3add Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 8 Jun 2017 14:48:18 +0100
+Subject: KEYS: encrypted: fix buffer overread in valid_master_desc()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream.
+
+With the 'encrypted' key type it was possible for userspace to provide a
+data blob ending with a master key description shorter than expected,
+e.g. 'keyctl add encrypted desc "new x" @s'.  When validating such a
+master key description, validate_master_desc() could read beyond the end
+of the buffer.  Fix this by using strncmp() instead of memcmp().  [Also
+clean up the code to deduplicate some logic.]
+
+Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Jin Qian <jinqian@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/encrypted-keys/encrypted.c |   31 +++++++++++++++----------------
+ 1 file changed, 15 insertions(+), 16 deletions(-)
+
+--- a/security/keys/encrypted-keys/encrypted.c
++++ b/security/keys/encrypted-keys/encrypted.c
+@@ -141,23 +141,22 @@ static int valid_ecryptfs_desc(const cha
+  */
+ static int valid_master_desc(const char *new_desc, const char *orig_desc)
+ {
+-      if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) {
+-              if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN)
+-                      goto out;
+-              if (orig_desc)
+-                      if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN))
+-                              goto out;
+-      } else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) {
+-              if (strlen(new_desc) == KEY_USER_PREFIX_LEN)
+-                      goto out;
+-              if (orig_desc)
+-                      if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN))
+-                              goto out;
+-      } else
+-              goto out;
++      int prefix_len;
++
++      if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
++              prefix_len = KEY_TRUSTED_PREFIX_LEN;
++      else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
++              prefix_len = KEY_USER_PREFIX_LEN;
++      else
++              return -EINVAL;
++
++      if (!new_desc[prefix_len])
++              return -EINVAL;
++
++      if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))
++              return -EINVAL;
++
+       return 0;
+-out:
+-      return -EINVAL;
+ }
+ /*
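Review bot: The overread fix in valid_master_desc() holds only if `new_desc` (and `orig_desc`, when non-NULL) is NUL-terminated, and nothing in the hunk states that precondition. Both the `strncmp()` calls and the `new_desc[prefix_len]` probe rely on the terminator to stop before the end of the userspace-supplied blob. The function's header comment begins above the hunk, so it may already cover this; if it does not, I would add a line such as `/* Both descriptions must be NUL-terminated; strncmp() stops at the terminator, so a short description is never read past its end. */`. As a style point, `prefix_len` is used only as a `strncmp()` count and an array index, so `size_t prefix_len;` would match its use better than `int`.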
diff --git a/queue-4.4/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch b/queue-4.4/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch
new file mode 100644 (file)
index 0000000..893f071
--- /dev/null
@@ -0,0 +1,38 @@
+From 5331aec1bf9c9da557668174e0a4bfcee39f1121 Mon Sep 17 00:00:00 2001
+From: Jesse Chan <jc@linux.com>
+Date: Mon, 20 Nov 2017 15:56:28 -0500
+Subject: media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+
+From: Jesse Chan <jc@linux.com>
+
+commit 5331aec1bf9c9da557668174e0a4bfcee39f1121 upstream.
+
+This change resolves a new compile-time warning
+when built as a loadable module:
+
+WARNING: modpost: missing MODULE_LICENSE() in drivers/media/platform/soc_camera/soc_scale_crop.o
+see include/linux/module.h for more information
+
+This adds the license as "GPL", which matches the header of the file.
+
+MODULE_DESCRIPTION and MODULE_AUTHOR are also added.
+
+Signed-off-by: Jesse Chan <jc@linux.com>
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/platform/soc_camera/soc_scale_crop.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/media/platform/soc_camera/soc_scale_crop.c
++++ b/drivers/media/platform/soc_camera/soc_scale_crop.c
+@@ -405,3 +405,7 @@ void soc_camera_calc_client_output(struc
+       mf->height = soc_camera_shift_scale(rect->height, shift, scale_v);
+ }
+ EXPORT_SYMBOL(soc_camera_calc_client_output);
++
++MODULE_DESCRIPTION("soc-camera scaling-cropping functions");
++MODULE_AUTHOR("Guennadi Liakhovetski <kernel@pengutronix.de>");
++MODULE_LICENSE("GPL");
index 896c1345c6354f2cd3c2c540cd19b1e5d2bc49d9..74d6a0a6b6eb09e6e38e0c452134f249f671f42d 100644 (file)
@@ -30,3 +30,6 @@ qlcnic-fix-deadlock-bug.patch
 r8169-fix-rtl8168ep-take-too-long-to-complete-driver-initialization.patch
 tcp-release-sk_frag.page-in-tcp_disconnect.patch
 vhost_net-stop-device-during-reset-owner.patch
+media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch
+keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
+don-t-put-symlink-bodies-in-pagecache-into-highmem.patch