From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 26 Jun 2020 14:04:31 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v5.7.7~69
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=81507ea8daa202b6577100c11a1f3e4a854ebe53;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	l2tp-allow-duplicate-session-creation-with-udp.patch
	scsi-scsi_devinfo-handle-non-terminated-strings.patch
---

diff --git a/queue-4.4/l2tp-allow-duplicate-session-creation-with-udp.patch b/queue-4.4/l2tp-allow-duplicate-session-creation-with-udp.patch
new file mode 100644
index 00000000000..087f025e0e2
--- /dev/null
+++ b/queue-4.4/l2tp-allow-duplicate-session-creation-with-udp.patch
@@ -0,0 +1,49 @@
+From 0d0d9a388a858e271bb70e71e99e7fe2a6fd6f64 Mon Sep 17 00:00:00 2001
+From: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+Date: Tue, 4 Feb 2020 12:24:00 +1300
+Subject: l2tp: Allow duplicate session creation with UDP
+
+From: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+
+commit 0d0d9a388a858e271bb70e71e99e7fe2a6fd6f64 upstream.
+
+In the past it was possible to create multiple L2TPv3 sessions with the
+same session id as long as the sessions belonged to different tunnels.
+The resulting sessions had issues when used with IP encapsulated tunnels,
+but worked fine with UDP encapsulated ones. Some applications began to
+rely on this behaviour to avoid having to negotiate unique session ids.
+
+Some time ago a change was made to require session ids to be unique across
+all tunnels, breaking the applications making use of this "feature".
+
+This change relaxes the duplicate session id check to allow duplicates
+if both of the colliding sessions belong to UDP encapsulated tunnels.
+
+Fixes: dbdbc73b4478 ("l2tp: fix duplicate session creation")
+Signed-off-by: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+Acked-by: James Chapman <jchapman@katalix.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/l2tp/l2tp_core.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/l2tp/l2tp_core.c
++++ b/net/l2tp/l2tp_core.c
+@@ -351,8 +351,13 @@ int l2tp_session_register(struct l2tp_se
+ 
+ 		spin_lock_bh(&pn->l2tp_session_hlist_lock);
+ 
++		/* IP encap expects session IDs to be globally unique, while
++		 * UDP encap doesn't.
++		 */
+ 		hlist_for_each_entry(session_walk, g_head, global_hlist)
+-			if (session_walk->session_id == session->session_id) {
++			if (session_walk->session_id == session->session_id &&
++			    (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP ||
++			     tunnel->encap == L2TP_ENCAPTYPE_IP)) {
+ 				err = -EEXIST;
+ 				goto err_tlock_pnlock;
+ 			}
diff --git a/queue-4.4/scsi-scsi_devinfo-handle-non-terminated-strings.patch b/queue-4.4/scsi-scsi_devinfo-handle-non-terminated-strings.patch
new file mode 100644
index 00000000000..4add19a2520
--- /dev/null
+++ b/queue-4.4/scsi-scsi_devinfo-handle-non-terminated-strings.patch
@@ -0,0 +1,44 @@
+From ba69ead9e9e9bb3cec5faf03526c36764ac8942a Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Mon, 27 Nov 2017 23:47:34 +0100
+Subject: scsi: scsi_devinfo: handle non-terminated strings
+
+From: Martin Wilck <mwilck@suse.com>
+
+commit ba69ead9e9e9bb3cec5faf03526c36764ac8942a upstream.
+
+devinfo->vendor and devinfo->model aren't necessarily
+zero-terminated.
+
+Fixes: b8018b973c7c "scsi_devinfo: fixup string compare"
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_devinfo.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -443,7 +443,8 @@ static struct scsi_dev_info_list *scsi_d
+ 			/*
+ 			 * vendor strings must be an exact match
+ 			 */
+-			if (vmax != strlen(devinfo->vendor) ||
++			if (vmax != strnlen(devinfo->vendor,
++					    sizeof(devinfo->vendor)) ||
+ 			    memcmp(devinfo->vendor, vskip, vmax))
+ 				continue;
+ 
+@@ -451,7 +452,7 @@ static struct scsi_dev_info_list *scsi_d
+ 			 * @model specifies the full string, and
+ 			 * must be larger or equal to devinfo->model
+ 			 */
+-			mlen = strlen(devinfo->model);
++			mlen = strnlen(devinfo->model, sizeof(devinfo->model));
+ 			if (mmax < mlen || memcmp(devinfo->model, mskip, mlen))
+ 				continue;
+ 			return devinfo;
diff --git a/queue-4.4/series b/queue-4.4/series
index 42cfd6fb70a..1305d21b2ea 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -75,3 +75,5 @@ e1000e-do-not-wake-up-the-system-via-wol-if-device-w.patch
 sched-rt-net-use-config_preemption.patch.patch
 net-core-device_rename-use-rwsem-instead-of-a-seqcou.patch
 net-revert-pkt_sched-fq-use-proper-locking-in-fq_dump_stats.patch
+scsi-scsi_devinfo-handle-non-terminated-strings.patch
+l2tp-allow-duplicate-session-creation-with-udp.patch