From: Greg Kroah-Hartman Date: Wed, 7 Jan 2015 01:46:44 +0000 (-0800) Subject: delete some broken 3.10 patches X-Git-Tag: v3.10.64~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75f03a202a0377a1e1697d315781e1e217df6c69;p=thirdparty%2Fkernel%2Fstable-queue.git delete some broken 3.10 patches --- diff --git a/queue-3.10/audit-restore-audit_loginuid-unset-abi.patch b/queue-3.10/audit-restore-audit_loginuid-unset-abi.patch deleted file mode 100644 index 5aebcc5eda8..00000000000 --- a/queue-3.10/audit-restore-audit_loginuid-unset-abi.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 041d7b98ffe59c59fdd639931dea7d74f9aa9a59 Mon Sep 17 00:00:00 2001 -From: Richard Guy Briggs -Date: Tue, 23 Dec 2014 13:02:04 -0500 -Subject: audit: restore AUDIT_LOGINUID unset ABI - -From: Richard Guy Briggs - -commit 041d7b98ffe59c59fdd639931dea7d74f9aa9a59 upstream. - -A regression was caused by commit 780a7654cee8: - audit: Make testing for a valid loginuid explicit. -(which in turn attempted to fix a regression caused by e1760bd) - -When audit_krule_to_data() fills in the rules to get a listing, there was a -missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID. - -This broke userspace by not returning the same information that was sent and -expected. - -The rule: - auditctl -a exit,never -F auid=-1 -gives: - auditctl -l - LIST_RULES: exit,never f24=0 syscall=all -when it should give: - LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all - -Tag it so that it is reported the same way it was set. Create a new -private flags audit_krule field (pflags) to store it that won't interact with -the public one from the API. - -Signed-off-by: Richard Guy Briggs -Signed-off-by: Paul Moore -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/audit.h | 4 ++++ - kernel/auditfilter.c | 10 ++++++++++ - 2 files changed, 14 insertions(+) - ---- a/include/linux/audit.h -+++ b/include/linux/audit.h -@@ -46,6 +46,7 @@ struct audit_tree; - - struct audit_krule { - int vers_ops; -+ u32 pflags; - u32 flags; - u32 listnr; - u32 action; -@@ -63,6 +64,9 @@ struct audit_krule { - u64 prio; - }; - -+/* Flag to indicate legacy AUDIT_LOGINUID unset usage */ -+#define AUDIT_LOGINUID_LEGACY 0x1 -+ - struct audit_field { - u32 type; - u32 val; ---- a/kernel/auditfilter.c -+++ b/kernel/auditfilter.c -@@ -426,6 +426,7 @@ static struct audit_entry *audit_data_to - if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295)) { - f->type = AUDIT_LOGINUID_SET; - f->val = 0; -+ entry->rule.pflags |= AUDIT_LOGINUID_LEGACY; - } - - err = audit_field_valid(entry, f); -@@ -601,6 +602,13 @@ static struct audit_rule_data *audit_kru - data->buflen += data->values[i] = - audit_pack_string(&bufp, krule->filterkey); - break; -+ case AUDIT_LOGINUID_SET: -+ if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) { -+ data->fields[i] = AUDIT_LOGINUID; -+ data->values[i] = AUDIT_UID_UNSET; -+ break; -+ } -+ /* fallthrough if set */ - default: - data->values[i] = f->val; - } -@@ -617,6 +625,7 @@ static int audit_compare_rule(struct aud - int i; - - if (a->flags != b->flags || -+ a->pflags != b->pflags || - a->listnr != b->listnr || - a->action != b->action || - a->field_count != b->field_count) -@@ -735,6 +744,7 @@ struct audit_entry *audit_dupe_rule(stru - new = &entry->rule; - new->vers_ops = old->vers_ops; - new->flags = old->flags; -+ new->pflags = old->pflags; - new->listnr = old->listnr; - new->action = old->action; - for (i = 0; i < AUDIT_BITMASK_SIZE; i++) diff --git a/queue-3.10/series b/queue-3.10/series index d9d7274864a..1fa8a2ed8ad 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -28,14 +28,10 @@ userns-rename-id_map_mutex-to-userns_state_mutex.patch userns-add-a-knob-to-disable-setgroups-on-a-per-user-namespace-basis.patch userns-allow-setting-gid_maps-without-privilege-when-setgroups-is-disabled.patch userns-unbreak-the-unprivileged-remount-tests.patch -audit-restore-audit_loginuid-unset-abi.patch crypto-af_alg-fix-backlog-handling.patch ncpfs-return-proper-error-from-ncp_ioc_setroot-ioctl.patch exit-pidns-alloc_pid-leaks-pid_namespace-if-child_reaper-is-exiting.patch -udf-check-path-length-when-reading-symlink.patch -udf-verify-i_size-when-loading-inode.patch udf-verify-symlink-size-before-loading-it.patch -udf-check-component-length-before-reading-it.patch ecryptfs-force-ro-mount-when-encrypted-view-is-enabled.patch ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch btrfs-do-not-move-em-to-modified-list-when-unpinning.patch diff --git a/queue-3.10/udf-check-component-length-before-reading-it.patch b/queue-3.10/udf-check-component-length-before-reading-it.patch deleted file mode 100644 index 157bfecf68f..00000000000 --- a/queue-3.10/udf-check-component-length-before-reading-it.patch +++ /dev/null @@ -1,61 +0,0 @@ -From e237ec37ec154564f8690c5bd1795339955eeef9 Mon Sep 17 00:00:00 2001 -From: Jan Kara -Date: Fri, 19 Dec 2014 14:27:55 +0100 -Subject: udf: Check component length before reading it - -From: Jan Kara - -commit e237ec37ec154564f8690c5bd1795339955eeef9 upstream. - -Check that length specified in a component of a symlink fits in the -input buffer we are reading. Also properly ignore component length for -component types that do not use it. Otherwise we read memory after end -of buffer for corrupted udf image. - -Reported-by: Carl Henrik Lunde -Signed-off-by: Jan Kara -Signed-off-by: Greg Kroah-Hartman - ---- - fs/udf/symlink.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - ---- a/fs/udf/symlink.c -+++ b/fs/udf/symlink.c -@@ -42,14 +42,17 @@ static int udf_pc_to_char(struct super_b - tolen--; - while (elen < fromlen) { - pc = (struct pathComponent *)(from + elen); -+ elen += sizeof(struct pathComponent); - switch (pc->componentType) { - case 1: - /* - * Symlink points to some place which should be agreed - * upon between originator and receiver of the media. Ignore. - */ -- if (pc->lengthComponentIdent > 0) -+ if (pc->lengthComponentIdent > 0) { -+ elen += pc->lengthComponentIdent; - break; -+ } - /* Fall through */ - case 2: - if (tolen == 0) -@@ -74,6 +77,9 @@ static int udf_pc_to_char(struct super_b - /* that would be . - just ignore */ - break; - case 5: -+ elen += pc->lengthComponentIdent; -+ if (elen > fromlen) -+ return -EIO; - comp_len = udf_get_filename(sb, pc->componentIdent, - pc->lengthComponentIdent, - p, tolen); -@@ -85,7 +91,6 @@ static int udf_pc_to_char(struct super_b - tolen--; - break; - } -- elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; - } - if (p > to + 1) - p[-1] = '\0'; diff --git a/queue-3.10/udf-check-path-length-when-reading-symlink.patch b/queue-3.10/udf-check-path-length-when-reading-symlink.patch deleted file mode 100644 index eeefd9588c8..00000000000 --- a/queue-3.10/udf-check-path-length-when-reading-symlink.patch +++ /dev/null @@ -1,227 +0,0 @@ -From 0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 Mon Sep 17 00:00:00 2001 -From: Jan Kara -Date: Thu, 18 Dec 2014 22:37:50 +0100 -Subject: udf: Check path length when reading symlink - -From: Jan Kara - -commit 0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 upstream. - -Symlink reading code does not check whether the resulting path fits into -the page provided by the generic code. This isn't as easy as just -checking the symlink size because of various encoding conversions we -perform on path. So we have to check whether there is still enough space -in the buffer on the fly. - -Reported-by: Carl Henrik Lunde -Signed-off-by: Jan Kara -Signed-off-by: Greg Kroah-Hartman - ---- - fs/udf/dir.c | 2 ++ - fs/udf/namei.c | 3 ++- - fs/udf/symlink.c | 31 ++++++++++++++++++++++++++----- - fs/udf/udfdecl.h | 3 ++- - fs/udf/unicode.c | 28 ++++++++++++++++------------ - 5 files changed, 48 insertions(+), 19 deletions(-) - ---- a/fs/udf/dir.c -+++ b/fs/udf/dir.c -@@ -164,6 +164,8 @@ static int do_udf_readdir(struct inode * - - iblock = udf_get_lb_pblock(dir->i_sb, &tloc, 0); - flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); -+ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, -+ UDF_NAME_LEN); - dt_type = DT_UNKNOWN; - } - ---- a/fs/udf/namei.c -+++ b/fs/udf/namei.c -@@ -233,7 +233,8 @@ static struct fileIdentDesc *udf_find_en - if (!lfi) - continue; - -- flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); -+ flen = udf_get_filename(dir->i_sb, nameptr, lfi, fname, -+ UDF_NAME_LEN); - if (flen && udf_match(flen, fname, child->len, child->name)) - goto out_ok; - } ---- a/fs/udf/symlink.c -+++ b/fs/udf/symlink.c -@@ -30,13 +30,16 @@ - #include - #include "udf_i.h" - --static void udf_pc_to_char(struct super_block *sb, unsigned char *from, -- int fromlen, unsigned char *to) -+static int udf_pc_to_char(struct super_block *sb, unsigned char *from, -+ int fromlen, unsigned char *to, int tolen) - { - struct pathComponent *pc; - int elen = 0; -+ int comp_len; - unsigned char *p = to; - -+ /* Reserve one byte for terminating \0 */ -+ tolen--; - while (elen < fromlen) { - pc = (struct pathComponent *)(from + elen); - switch (pc->componentType) { -@@ -49,22 +52,37 @@ static void udf_pc_to_char(struct super_ - break; - /* Fall through */ - case 2: -+ if (tolen == 0) -+ return -ENAMETOOLONG; - p = to; - *p++ = '/'; -+ tolen--; - break; - case 3: -+ if (tolen < 3) -+ return -ENAMETOOLONG; - memcpy(p, "../", 3); - p += 3; -+ tolen -= 3; - break; - case 4: -+ if (tolen < 2) -+ return -ENAMETOOLONG; - memcpy(p, "./", 2); - p += 2; -+ tolen -= 2; - /* that would be . - just ignore */ - break; - case 5: -- p += udf_get_filename(sb, pc->componentIdent, p, -- pc->lengthComponentIdent); -+ comp_len = udf_get_filename(sb, pc->componentIdent, -+ pc->lengthComponentIdent, -+ p, tolen); -+ p += comp_len; -+ tolen -= comp_len; -+ if (tolen == 0) -+ return -ENAMETOOLONG; - *p++ = '/'; -+ tolen--; - break; - } - elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; -@@ -73,6 +91,7 @@ static void udf_pc_to_char(struct super_ - p[-1] = '\0'; - else - p[0] = '\0'; -+ return 0; - } - - static int udf_symlink_filler(struct file *file, struct page *page) -@@ -100,8 +119,10 @@ static int udf_symlink_filler(struct fil - symlink = bh->b_data; - } - -- udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); -+ err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE); - brelse(bh); -+ if (err) -+ goto out_unlock_inode; - - up_read(&iinfo->i_data_sem); - SetPageUptodate(page); ---- a/fs/udf/udfdecl.h -+++ b/fs/udf/udfdecl.h -@@ -201,7 +201,8 @@ udf_get_lb_pblock(struct super_block *sb - } - - /* unicode.c */ --extern int udf_get_filename(struct super_block *, uint8_t *, uint8_t *, int); -+extern int udf_get_filename(struct super_block *, uint8_t *, int, uint8_t *, -+ int); - extern int udf_put_filename(struct super_block *, const uint8_t *, uint8_t *, - int); - extern int udf_build_ustr(struct ustr *, dstring *, int); ---- a/fs/udf/unicode.c -+++ b/fs/udf/unicode.c -@@ -28,7 +28,8 @@ - - #include "udf_sb.h" - --static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int); -+static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *, -+ int); - - static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen) - { -@@ -333,8 +334,8 @@ try_again: - return u_len + 1; - } - --int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, -- int flen) -+int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen, -+ uint8_t *dname, int dlen) - { - struct ustr *filename, *unifilename; - int len = 0; -@@ -347,7 +348,7 @@ int udf_get_filename(struct super_block - if (!unifilename) - goto out1; - -- if (udf_build_ustr_exact(unifilename, sname, flen)) -+ if (udf_build_ustr_exact(unifilename, sname, slen)) - goto out2; - - if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) { -@@ -366,7 +367,8 @@ int udf_get_filename(struct super_block - } else - goto out2; - -- len = udf_translate_to_linux(dname, filename->u_name, filename->u_len, -+ len = udf_translate_to_linux(dname, dlen, -+ filename->u_name, filename->u_len, - unifilename->u_name, unifilename->u_len); - out2: - kfree(unifilename); -@@ -403,10 +405,12 @@ int udf_put_filename(struct super_block - #define EXT_MARK '.' - #define CRC_MARK '#' - #define EXT_SIZE 5 -+/* Number of chars we need to store generated CRC to make filename unique */ -+#define CRC_LEN 5 - --static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, -- int udfLen, uint8_t *fidName, -- int fidNameLen) -+static int udf_translate_to_linux(uint8_t *newName, int newLen, -+ uint8_t *udfName, int udfLen, -+ uint8_t *fidName, int fidNameLen) - { - int index, newIndex = 0, needsCRC = 0; - int extIndex = 0, newExtIndex = 0, hasExt = 0; -@@ -440,7 +444,7 @@ static int udf_translate_to_linux(uint8_ - newExtIndex = newIndex; - } - } -- if (newIndex < 256) -+ if (newIndex < newLen) - newName[newIndex++] = curr; - else - needsCRC = 1; -@@ -468,13 +472,13 @@ static int udf_translate_to_linux(uint8_ - } - ext[localExtIndex++] = curr; - } -- maxFilenameLen = 250 - localExtIndex; -+ maxFilenameLen = newLen - CRC_LEN - localExtIndex; - if (newIndex > maxFilenameLen) - newIndex = maxFilenameLen; - else - newIndex = newExtIndex; -- } else if (newIndex > 250) -- newIndex = 250; -+ } else if (newIndex > newLen - CRC_LEN) -+ newIndex = newLen - CRC_LEN; - newName[newIndex++] = CRC_MARK; - valueCRC = crc_itu_t(0, fidName, fidNameLen); - newName[newIndex++] = hexChar[(valueCRC & 0xf000) >> 12]; diff --git a/queue-3.10/udf-verify-i_size-when-loading-inode.patch b/queue-3.10/udf-verify-i_size-when-loading-inode.patch deleted file mode 100644 index 149f92549a0..00000000000 --- a/queue-3.10/udf-verify-i_size-when-loading-inode.patch +++ /dev/null @@ -1,44 +0,0 @@ -From e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 Mon Sep 17 00:00:00 2001 -From: Jan Kara -Date: Fri, 19 Dec 2014 12:03:53 +0100 -Subject: udf: Verify i_size when loading inode - -From: Jan Kara - -commit e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 upstream. - -Verify that inode size is sane when loading inode with data stored in -ICB. Otherwise we may get confused later when working with the inode and -inode size is too big. - -Reported-by: Carl Henrik Lunde -Signed-off-by: Jan Kara -Signed-off-by: Greg Kroah-Hartman - ---- - fs/udf/inode.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - ---- a/fs/udf/inode.c -+++ b/fs/udf/inode.c -@@ -1495,6 +1495,20 @@ static void udf_fill_inode(struct inode - iinfo->i_checkpoint = le32_to_cpu(efe->checkpoint); - } - -+ /* Sanity checks for files in ICB so that we don't get confused later */ -+ if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { -+ /* -+ * For file in ICB data is stored in allocation descriptor -+ * so sizes should match -+ */ -+ if (iinfo->i_lenAlloc != inode->i_size) -+ goto out; -+ /* File in ICB has to fit in there... */ -+ if (inode->i_size > inode->i_sb->s_blocksize - -+ udf_file_entry_alloc_offset(inode)) -+ goto out; -+ } -+ - switch (fe->icbTag.fileType) { - case ICBTAG_FILE_TYPE_DIRECTORY: - inode->i_op = &udf_dir_inode_operations; diff --git a/queue-3.10/udf-verify-symlink-size-before-loading-it.patch b/queue-3.10/udf-verify-symlink-size-before-loading-it.patch index 483ed63907a..adb03414148 100644 --- a/queue-3.10/udf-verify-symlink-size-before-loading-it.patch +++ b/queue-3.10/udf-verify-symlink-size-before-loading-it.patch @@ -21,7 +21,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/fs/udf/symlink.c +++ b/fs/udf/symlink.c -@@ -99,11 +99,17 @@ static int udf_symlink_filler(struct fil +@@ -80,11 +80,17 @@ static int udf_symlink_filler(struct fil struct inode *inode = page->mapping->host; struct buffer_head *bh = NULL; unsigned char *symlink; @@ -40,7 +40,7 @@ Signed-off-by: Greg Kroah-Hartman iinfo = UDF_I(inode); pos = udf_block_map(inode, 0); -@@ -113,8 +119,10 @@ static int udf_symlink_filler(struct fil +@@ -94,8 +100,10 @@ static int udf_symlink_filler(struct fil } else { bh = sb_bread(inode->i_sb, pos); @@ -53,7 +53,7 @@ Signed-off-by: Greg Kroah-Hartman symlink = bh->b_data; } -@@ -130,9 +138,10 @@ static int udf_symlink_filler(struct fil +@@ -109,9 +117,10 @@ static int udf_symlink_filler(struct fil unlock_page(page); return 0;