From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 26 Apr 2022 06:44:03 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v4.9.312~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=72f758f460cbe1b1ac9d7115c3e232c938079a63;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	block-compat_ioctl-fix-range-check-in-blkgetsize.patch
---

diff --git a/queue-5.10/block-compat_ioctl-fix-range-check-in-blkgetsize.patch b/queue-5.10/block-compat_ioctl-fix-range-check-in-blkgetsize.patch
new file mode 100644
index 00000000000..539ab91d6a4
--- /dev/null
+++ b/queue-5.10/block-compat_ioctl-fix-range-check-in-blkgetsize.patch
@@ -0,0 +1,36 @@
+From ccf16413e520164eb718cf8b22a30438da80ff23 Mon Sep 17 00:00:00 2001
+From: Khazhismel Kumykov <khazhy@google.com>
+Date: Thu, 14 Apr 2022 15:40:56 -0700
+Subject: block/compat_ioctl: fix range check in BLKGETSIZE
+
+From: Khazhismel Kumykov <khazhy@google.com>
+
+commit ccf16413e520164eb718cf8b22a30438da80ff23 upstream.
+
+kernel ulong and compat_ulong_t may not be same width. Use type directly
+to eliminate mismatches.
+
+This would result in truncation rather than EFBIG for 32bit mode for
+large disks.
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
+Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
+Link: https://lore.kernel.org/r/20220414224056.2875681-1-khazhy@google.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ block/ioctl.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/block/ioctl.c
++++ b/block/ioctl.c
+@@ -679,7 +679,7 @@ long compat_blkdev_ioctl(struct file *fi
+ 			       (bdev->bd_bdi->ra_pages * PAGE_SIZE) / 512);
+ 	case BLKGETSIZE:
+ 		size = i_size_read(bdev->bd_inode);
+-		if ((size >> 9) > ~0UL)
++		if ((size >> 9) > ~(compat_ulong_t)0)
+ 			return -EFBIG;
+ 		return compat_put_ulong(argp, size >> 9);
+ 
diff --git a/queue-5.10/series b/queue-5.10/series
index 2a4d3bb5ee1..6cb72050b47 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -82,3 +82,4 @@ can-isotp-stop-timeout-monitoring-when-no-first-frame-was-sent.patch
 jbd2-fix-a-potential-race-while-discarding-reserved-buffers-after-an-abort.patch
 spi-atmel-quadspi-fix-the-buswidth-adjustment-between-spi-mem-and-controller.patch
 staging-ion-prevent-incorrect-reference-counting-behavour.patch
+block-compat_ioctl-fix-range-check-in-blkgetsize.patch