--- /dev/null
+From 8e618aad5348b6e6c5a90e8d97ea643197963b20 Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:19 +0000
+Subject: isdn/gigaset: ratelimit CAPI message dumps
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit 8e618aad5348b6e6c5a90e8d97ea643197963b20 upstream.
+
+Introduce a global ratelimit for CAPI message dumps to protect
+against possible log flood.
+Drop the ratelimit for ignored messages which is now covered by the
+global one.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/capi.c | 22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+--- a/drivers/isdn/gigaset/capi.c
++++ b/drivers/isdn/gigaset/capi.c
+@@ -14,6 +14,7 @@
+ #include "gigaset.h"
+ #include <linux/proc_fs.h>
+ #include <linux/seq_file.h>
++#include <linux/ratelimit.h>
+ #include <linux/isdn/capilli.h>
+ #include <linux/isdn/capicmd.h>
+ #include <linux/isdn/capiutil.h>
+@@ -222,10 +223,14 @@ get_appl(struct gigaset_capi_ctr *iif, u
+ static inline void dump_cmsg(enum debuglevel level, const char *tag, _cmsg *p)
+ {
+ #ifdef CONFIG_GIGASET_DEBUG
++ /* dump at most 20 messages in 20 secs */
++ static DEFINE_RATELIMIT_STATE(msg_dump_ratelimit, 20 * HZ, 20);
+ _cdebbuf *cdb;
+
+ if (!(gigaset_debuglevel & level))
+ return;
++ if (!___ratelimit(&msg_dump_ratelimit, tag))
++ return;
+
+ cdb = capi_cmsg2str(p);
+ if (cdb) {
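Review bot: The single `msg_dump_ratelimit` budget in dump_cmsg() is shared by every caller, so an application that floods ignored or unsupported messages can use up the 20-per-20-seconds allowance and silence dumps of the messages someone is trying to debug. The removed code kept a separate, tighter limit for ignored messages. Keeping a second state for do_nothing()/do_unsupported(), or at least widening the comment to `/* shared by all callers: at most 20 dumps per 20 secs in total */`, would make that trade-off explicit. Passing `tag` as the second argument also means any suppression notice is presumably attributed to whichever caller happens to hit the limit, not to the source of the flood. dump_cmsg()'s body continues past the end of the hunk.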
+@@ -2058,12 +2063,6 @@ static void do_reset_b3_req(struct gigas
+ }
+
+ /*
+- * dump unsupported/ignored messages at most twice per minute,
+- * some apps send those very frequently
+- */
+-static unsigned long ignored_msg_dump_time;
+-
+-/*
+ * unsupported CAPI message handler
+ */
+ static void do_unsupported(struct gigaset_capi_ctr *iif,
+@@ -2072,8 +2071,7 @@ static void do_unsupported(struct gigase
+ {
+ /* decode message */
+ capi_message2cmsg(&iif->acmsg, skb->data);
+- if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000))
+- dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
++ dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+ send_conf(iif, ap, skb, CapiMessageNotSupportedInCurrentState);
+ }
+
+@@ -2084,11 +2082,9 @@ static void do_nothing(struct gigaset_ca
+ struct gigaset_capi_appl *ap,
+ struct sk_buff *skb)
+ {
+- if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000)) {
+- /* decode message */
+- capi_message2cmsg(&iif->acmsg, skb->data);
+- dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+- }
++ /* decode message */
++ capi_message2cmsg(&iif->acmsg, skb->data);
++ dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+ dev_kfree_skb_any(skb);
+ }
+
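Review bot: do_nothing() now runs `capi_message2cmsg()` on every ignored message, even when dump_cmsg() will return at once because the debug level is off, the rate limit has tripped, or CONFIG_GIGASET_DEBUG is not set. The removed code decoded only when a dump was about to be printed. The removed comment says some applications send these messages very frequently, so the decode is now wasted work on exactly the path a noisy application drives. Guarding the decode and dump with `if (gigaset_debuglevel & DEBUG_CMD) {` would tie that cost to debugging, assuming gigaset_debuglevel is declared outside the #ifdef, which is not visible here.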
--- /dev/null
+From a70b52ec1aaeaf60f4739edb1b422827cb6f3893 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 May 2012 16:06:20 -0700
+Subject: vfs: make AIO use the proper rw_verify_area() area helpers
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a70b52ec1aaeaf60f4739edb1b422827cb6f3893 upstream.
+
+We had for some reason overlooked the AIO interface, and it didn't use
+the proper rw_verify_area() helper function that checks (for example)
+mandatory locking on the file, and that the size of the access doesn't
+cause us to overflow the provided offset limits etc.
+
+Instead, AIO did just the security_file_permission() thing (that
+rw_verify_area() also does) directly.
+
+This fixes it to do all the proper helper functions, which not only
+means that now mandatory file locking works with AIO too, we can
+actually remove lines of code.
+
+Reported-by: Manish Honap <manish_honap_vit@yahoo.co.in>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/aio.c | 30 ++++++++++++++----------------
+ 1 file changed, 14 insertions(+), 16 deletions(-)
+
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1395,6 +1395,10 @@ static ssize_t aio_setup_vectored_rw(int
+ if (ret < 0)
+ goto out;
+
++ ret = rw_verify_area(type, kiocb->ki_filp, &kiocb->ki_pos, ret);
++ if (ret < 0)
++ goto out;
++
+ kiocb->ki_nr_segs = kiocb->ki_nbytes;
+ kiocb->ki_cur_seg = 0;
+ /* ki_nbytes/left now reflect bytes instead of segs */
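Review bot: `ret` now carries the value returned by rw_verify_area() rather than the total from the preceding step, and nothing in the hunk says the two can differ. The single-vector helper in the next hunk assigns that return value to `iov_len`, which suggests it is a byte count that may be smaller than the one passed in. If so, the assignments after this hunk presumably store the smaller value in the kiocb while the copied iovec still describes the original total. A comment such as `/* rw_verify_area() returns the usable byte count, which may be less than requested */` would tell the reader which value those assignments see. The check also runs only after the preceding step has succeeded, so it happens later than the security_file_permission() call it replaces in aio_setup_iocb(); the function continues outside the hunk on both sides.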
+@@ -1406,11 +1410,17 @@ out:
+ return ret;
+ }
+
+-static ssize_t aio_setup_single_vector(struct kiocb *kiocb)
++static ssize_t aio_setup_single_vector(int type, struct file * file, struct kiocb *kiocb)
+ {
++ int bytes;
++
++ bytes = rw_verify_area(type, file, &kiocb->ki_pos, kiocb->ki_left);
++ if (bytes < 0)
++ return bytes;
++
+ kiocb->ki_iovec = &kiocb->ki_inline_vec;
+ kiocb->ki_iovec->iov_base = kiocb->ki_buf;
+- kiocb->ki_iovec->iov_len = kiocb->ki_left;
++ kiocb->ki_iovec->iov_len = bytes;
+ kiocb->ki_nr_segs = 1;
+ kiocb->ki_cur_seg = 0;
+ return 0;
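Review bot: aio_setup_single_vector() stores the verified length in `iov_len` but leaves `kiocb->ki_left` at the requested size, so if rw_verify_area() returns less than it was asked for, the two fields disagree about how many bytes the request covers. The code that consumes `ki_left` is not visible here, so this needs confirming against it; if the fields are meant to agree, the helper could also set `kiocb->ki_left = bytes;`. `bytes` is an `int` while `ki_left` is passed as the count, so a one-line comment saying the return value is a non-negative length or a negative errno would document why the narrower type is safe. The declaration spacing `struct file * file` also differs from the `struct kiocb *kiocb` beside it. The function's closing brace lies outside the hunk.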
+@@ -1435,10 +1445,7 @@ static ssize_t aio_setup_iocb(struct kio
+ if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
+ kiocb->ki_left)))
+ break;
+- ret = security_file_permission(file, MAY_READ);
+- if (unlikely(ret))
+- break;
+- ret = aio_setup_single_vector(kiocb);
++ ret = aio_setup_single_vector(READ, file, kiocb);
+ if (ret)
+ break;
+ ret = -EINVAL;
+@@ -1453,10 +1460,7 @@ static ssize_t aio_setup_iocb(struct kio
+ if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
+ kiocb->ki_left)))
+ break;
+- ret = security_file_permission(file, MAY_WRITE);
+- if (unlikely(ret))
+- break;
+- ret = aio_setup_single_vector(kiocb);
++ ret = aio_setup_single_vector(WRITE, file, kiocb);
+ if (ret)
+ break;
+ ret = -EINVAL;
+@@ -1467,9 +1471,6 @@ static ssize_t aio_setup_iocb(struct kio
+ ret = -EBADF;
+ if (unlikely(!(file->f_mode & FMODE_READ)))
+ break;
+- ret = security_file_permission(file, MAY_READ);
+- if (unlikely(ret))
+- break;
+ ret = aio_setup_vectored_rw(READ, kiocb, compat);
+ if (ret)
+ break;
+@@ -1481,9 +1482,6 @@ static ssize_t aio_setup_iocb(struct kio
+ ret = -EBADF;
+ if (unlikely(!(file->f_mode & FMODE_WRITE)))
+ break;
+- ret = security_file_permission(file, MAY_WRITE);
+- if (unlikely(ret))
+- break;
+ ret = aio_setup_vectored_rw(WRITE, kiocb, compat);
+ if (ret)
+ break;