From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 23 May 2018 17:23:36 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v3.18.110~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=742ee9b361ea148deb3e0a1650babeb3c75d6b55;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	ext2-fix-a-block-leak.patch
---

diff --git a/queue-4.4/ext2-fix-a-block-leak.patch b/queue-4.4/ext2-fix-a-block-leak.patch
new file mode 100644
index 00000000000..c51219a837d
--- /dev/null
+++ b/queue-4.4/ext2-fix-a-block-leak.patch
@@ -0,0 +1,49 @@
+From 5aa1437d2d9a068c0334bd7c9dafa8ec4f97f13b Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Thu, 17 May 2018 17:18:30 -0400
+Subject: ext2: fix a block leak
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 5aa1437d2d9a068c0334bd7c9dafa8ec4f97f13b upstream.
+
+open file, unlink it, then use ioctl(2) to make it immutable or
+append only.  Now close it and watch the blocks *not* freed...
+
+Immutable/append-only checks belong in ->setattr().
+Note: the bug is old and backport to anything prior to 737f2e93b972
+("ext2: convert to use the new truncate convention") will need
+these checks lifted into ext2_setattr().
+
+Cc: stable@kernel.org
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext2/inode.c |   10 ----------
+ 1 file changed, 10 deletions(-)
+
+--- a/fs/ext2/inode.c
++++ b/fs/ext2/inode.c
+@@ -1175,21 +1175,11 @@ do_indirects:
+ 
+ static void ext2_truncate_blocks(struct inode *inode, loff_t offset)
+ {
+-	/*
+-	 * XXX: it seems like a bug here that we don't allow
+-	 * IS_APPEND inode to have blocks-past-i_size trimmed off.
+-	 * review and fix this.
+-	 *
+-	 * Also would be nice to be able to handle IO errors and such,
+-	 * but that's probably too much to ask.
+-	 */
+ 	if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
+ 	    S_ISLNK(inode->i_mode)))
+ 		return;
+ 	if (ext2_inode_is_fast_symlink(inode))
+ 		return;
+-	if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+-		return;
+ 
+ 	dax_sem_down_write(EXT2_I(inode));
+ 	__ext2_truncate_blocks(inode, offset);
diff --git a/queue-4.4/series b/queue-4.4/series
index 08c8841aba0..6c4d05adb4e 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -72,3 +72,4 @@ net-test-tailroom-before-appending-to-linear-skb.patch
 packet-in-packet_snd-start-writing-at-link-layer-allocation.patch
 sock_diag-fix-use-after-free-read-in-__sk_free.patch
 tcp-purge-write-queue-in-tcp_connect_init.patch
+ext2-fix-a-block-leak.patch