From: Greg Kroah-Hartman Date: Tue, 26 Mar 2013 18:09:16 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.0.71~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=243f29548d0da96c3a8e032fc6624d7eaf38814f;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: cifs-ignore-everything-in-spnego-blob-after-mechtypes.patch ext4-fix-the-wrong-number-of-the-allocated-blocks-in-ext4_split_extent.patch --- diff --git a/queue-3.0/cifs-ignore-everything-in-spnego-blob-after-mechtypes.patch b/queue-3.0/cifs-ignore-everything-in-spnego-blob-after-mechtypes.patch new file mode 100644 index 00000000000..850099d0f1c --- /dev/null +++ b/queue-3.0/cifs-ignore-everything-in-spnego-blob-after-mechtypes.patch @@ -0,0 +1,97 @@ +From f853c616883a8de966873a1dab283f1369e275a1 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Mon, 11 Mar 2013 09:52:19 -0400 +Subject: cifs: ignore everything in SPNEGO blob after mechTypes + +From: Jeff Layton + +commit f853c616883a8de966873a1dab283f1369e275a1 upstream. + +We've had several reports of people attempting to mount Windows 8 shares +and getting failures with a return code of -EINVAL. The default sec= +mode changed recently to sec=ntlmssp. With that, we expect and parse a +SPNEGO blob from the server in the NEGOTIATE reply. + +The current decode_negTokenInit function first parses all of the +mechTypes and then tries to parse the rest of the negTokenInit reply. +The parser however currently expects a mechListMIC or nothing to follow the +mechTypes, but Windows 8 puts a mechToken field there instead to carry +some info for the new NegoEx stuff. + +In practice, we don't do anything with the fields after the mechTypes +anyway so I don't see any real benefit in continuing to parse them. +This patch just has the kernel ignore the fields after the mechTypes. +We'll probably need to reinstate some of this if we ever want to support +NegoEx. + +Reported-by: Jason Burgess +Reported-by: Yan Li +Signed-off-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/asn1.c | 53 +++++------------------------------------------------ + 1 file changed, 5 insertions(+), 48 deletions(-) + +--- a/fs/cifs/asn1.c ++++ b/fs/cifs/asn1.c +@@ -614,53 +614,10 @@ decode_negTokenInit(unsigned char *secur + } + } + +- /* mechlistMIC */ +- if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { +- /* Check if we have reached the end of the blob, but with +- no mechListMic (e.g. NTLMSSP instead of KRB5) */ +- if (ctx.error == ASN1_ERR_DEC_EMPTY) +- goto decode_negtoken_exit; +- cFYI(1, "Error decoding last part negTokenInit exit3"); +- return 0; +- } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) { +- /* tag = 3 indicating mechListMIC */ +- cFYI(1, "Exit 4 cls = %d con = %d tag = %d end = %p (%d)", +- cls, con, tag, end, *end); +- return 0; +- } +- +- /* sequence */ +- if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { +- cFYI(1, "Error decoding last part negTokenInit exit5"); +- return 0; +- } else if ((cls != ASN1_UNI) || (con != ASN1_CON) +- || (tag != ASN1_SEQ)) { +- cFYI(1, "cls = %d con = %d tag = %d end = %p (%d)", +- cls, con, tag, end, *end); +- } +- +- /* sequence of */ +- if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { +- cFYI(1, "Error decoding last part negTokenInit exit 7"); +- return 0; +- } else if ((cls != ASN1_CTX) || (con != ASN1_CON)) { +- cFYI(1, "Exit 8 cls = %d con = %d tag = %d end = %p (%d)", +- cls, con, tag, end, *end); +- return 0; +- } +- +- /* general string */ +- if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) { +- cFYI(1, "Error decoding last part negTokenInit exit9"); +- return 0; +- } else if ((cls != ASN1_UNI) || (con != ASN1_PRI) +- || (tag != ASN1_GENSTR)) { +- cFYI(1, "Exit10 cls = %d con = %d tag = %d end = %p (%d)", +- cls, con, tag, end, *end); +- return 0; +- } +- cFYI(1, "Need to call asn1_octets_decode() function for %s", +- ctx.pointer); /* is this UTF-8 or ASCII? */ +-decode_negtoken_exit: ++ /* ++ * We currently ignore anything at the end of the SPNEGO blob after ++ * the mechTypes have been parsed, since none of that info is ++ * used at the moment. ++ */ + return 1; + } diff --git a/queue-3.0/ext4-fix-the-wrong-number-of-the-allocated-blocks-in-ext4_split_extent.patch b/queue-3.0/ext4-fix-the-wrong-number-of-the-allocated-blocks-in-ext4_split_extent.patch new file mode 100644 index 00000000000..8e1bc6e3f1a --- /dev/null +++ b/queue-3.0/ext4-fix-the-wrong-number-of-the-allocated-blocks-in-ext4_split_extent.patch @@ -0,0 +1,74 @@ +From 3a2256702e47f68f921dfad41b1764d05c572329 Mon Sep 17 00:00:00 2001 +From: Zheng Liu +Date: Sun, 10 Mar 2013 21:20:23 -0400 +Subject: ext4: fix the wrong number of the allocated blocks in ext4_split_extent() + +From: Zheng Liu + +commit 3a2256702e47f68f921dfad41b1764d05c572329 upstream. + +This commit fixes a wrong return value of the number of the allocated +blocks in ext4_split_extent. When the length of blocks we want to +allocate is greater than the length of the current extent, we return a +wrong number. Let's see what happens in the following case when we +call ext4_split_extent(). + + map: [48, 72] + ex: [32, 64, u] + +'ex' will be split into two parts: + ex1: [32, 47, u] + ex2: [48, 64, w] + +'map->m_len' is returned from this function, and the value is 24. But +the real length is 16. So it should be fixed. + +Meanwhile in this commit we use right length of the allocated blocks +when get_reserved_cluster_alloc in ext4_ext_handle_uninitialized_extents +is called. + +Signed-off-by: Zheng Liu +Signed-off-by: "Theodore Ts'o" +Cc: Dmitry Monakhov +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/extents.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -2901,6 +2901,7 @@ static int ext4_split_extent(handle_t *h + int err = 0; + int uninitialized; + int split_flag1, flags1; ++ int allocated = map->m_len; + + depth = ext_depth(inode); + ex = path[depth].p_ext; +@@ -2919,6 +2920,8 @@ static int ext4_split_extent(handle_t *h + map->m_lblk + map->m_len, split_flag1, flags1); + if (err) + goto out; ++ } else { ++ allocated = ee_len - (map->m_lblk - ee_block); + } + + ext4_ext_drop_refs(path); +@@ -2941,7 +2944,7 @@ static int ext4_split_extent(handle_t *h + + ext4_ext_show_leaf(inode, path); + out: +- return err ? err : map->m_len; ++ return err ? err : allocated; + } + + #define EXT4_EXT_ZERO_LEN 7 +@@ -3309,6 +3312,7 @@ out: + allocated - map->m_len); + allocated = map->m_len; + } ++ map->m_len = allocated; + + /* + * If we have done fallocate with the offset that is already diff --git a/queue-3.0/series b/queue-3.0/series index 8c0e89c9a5a..3ea5cf3822c 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -28,3 +28,5 @@ mwifiex-fix-potential-out-of-boundary-access-to-ibss-rate-table.patch drm-i915-bounds-check-execbuffer-relocation-count.patch kms-fix-edid-detailed-timing-vsync-parsing.patch mm-hugetlb-fix-total-hugetlbfs-pages-count-when-using-memory-overcommit-accouting.patch +cifs-ignore-everything-in-spnego-blob-after-mechtypes.patch +ext4-fix-the-wrong-number-of-the-allocated-blocks-in-ext4_split_extent.patch