From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 9 Sep 2018 09:15:49 +0000 (+0200)
Subject: update queue-4.4/userns-move-user-access-out-of-the-mutex.patch
X-Git-Tag: v4.14.69~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9182b7a6103d56ee7517de092c44a29347df793;p=thirdparty%2Fkernel%2Fstable-queue.git

update queue-4.4/userns-move-user-access-out-of-the-mutex.patch
---

diff --git a/queue-4.4/userns-move-user-access-out-of-the-mutex.patch b/queue-4.4/userns-move-user-access-out-of-the-mutex.patch
index 0c7a2364a79..ad60b033dea 100644
--- a/queue-4.4/userns-move-user-access-out-of-the-mutex.patch
+++ b/queue-4.4/userns-move-user-access-out-of-the-mutex.patch
@@ -23,14 +23,17 @@ Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
 ---
- kernel/user_namespace.c |   22 ++++++++++------------
- 1 file changed, 10 insertions(+), 12 deletions(-)
+ kernel/user_namespace.c |   39 +++++++++++++++++++--------------------
+ 1 file changed, 19 insertions(+), 20 deletions(-)
 
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
-@@ -604,7 +604,16 @@ static ssize_t map_write(struct file *fi
+@@ -602,9 +602,26 @@ static ssize_t map_write(struct file *fi
+ 	struct uid_gid_map new_map;
+ 	unsigned idx;
  	struct uid_gid_extent *extent = NULL;
- 	unsigned long page = 0;
+-	unsigned long page = 0;
++	unsigned long page;
  	char *kbuf, *pos, *next_line;
 -	ssize_t ret = -EINVAL;
 +	ssize_t ret;
@@ -39,17 +42,32 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 +	if ((*ppos != 0) || (count >= PAGE_SIZE))
 +		return -EINVAL;
 +
++	/* Get a buffer */
++	page = __get_free_page(GFP_TEMPORARY);
++	kbuf = (char *) page;
++	if (!page)
++		return -ENOMEM;
++
 +	/* Slurp in the user data */
-+	if (copy_from_user(kbuf, buf, count))
++	if (copy_from_user(kbuf, buf, count)) {
++		free_page(page);
 +		return -EFAULT;
++	}
 +	kbuf[count] = '\0';
  
  	/*
  	 * The userns_state_mutex serializes all writes to any given map.
-@@ -645,17 +654,6 @@ static ssize_t map_write(struct file *fi
- 	if (!page)
+@@ -638,24 +655,6 @@ static ssize_t map_write(struct file *fi
+ 	if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
  		goto out;
  
+-	/* Get a buffer */
+-	ret = -ENOMEM;
+-	page = __get_free_page(GFP_TEMPORARY);
+-	kbuf = (char *) page;
+-	if (!page)
+-		goto out;
+-
 -	/* Only allow < page size writes at the beginning of the file */
 -	ret = -EINVAL;
 -	if ((*ppos != 0) || (count >= PAGE_SIZE))