From e6d39499a71eb4235d81b51510cedcbc81f03e02 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 6 Feb 2012 17:26:24 -0800
Subject: [PATCH] 3.0-stable patches

added patches:
 ecryptfs-infinite-loop-due-to-overflow-in-ecryptfs_write.patch
---
 ...op-due-to-overflow-in-ecryptfs_write.patch | 48 +++++++++++++++++++
 queue-3.0/series | 1 +
 2 files changed, 49 insertions(+)
 create mode 100644 queue-3.0/ecryptfs-infinite-loop-due-to-overflow-in-ecryptfs_write.patch

diff --git a/queue-3.0/ecryptfs-infinite-loop-due-to-overflow-in-ecryptfs_write.patch b/queue-3.0/ecryptfs-infinite-loop-due-to-overflow-in-ecryptfs_write.patch
new file mode 100644
index 00000000000..c63b7b8b38e
--- /dev/null
+++ b/queue-3.0/ecryptfs-infinite-loop-due-to-overflow-in-ecryptfs_write.patch
@@ -0,0 +1,48 @@
+From 684a3ff7e69acc7c678d1a1394fe9e757993fd34 Mon Sep 17 00:00:00 2001
+From: Li Wang
+Date: Thu, 19 Jan 2012 09:44:36 +0800
+Subject: eCryptfs: Infinite loop due to overflow in ecryptfs_write()
+
+From: Li Wang
+
+commit 684a3ff7e69acc7c678d1a1394fe9e757993fd34 upstream.
+
+ecryptfs_write() can enter an infinite loop when truncating a file to a
+size larger than 4G. This only happens on architectures where size_t is
+represented by 32 bits.
+
+This was caused by a size_t overflow due to it incorrectly being used to
+store the result of a calculation which uses potentially large values of
+type loff_t.
+
+[tyhicks@canonical.com: rewrite subject and commit message]
+Signed-off-by: Li Wang
+Signed-off-by: Yunchuan Wen
+Reviewed-by: Cong Wang
+Signed-off-by: Tyler Hicks
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ecryptfs/read_write.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/ecryptfs/read_write.c
++++ b/fs/ecryptfs/read_write.c
+@@ -130,7 +130,7 @@ int ecryptfs_write(struct inode *ecryptf
+ pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT);
+ size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK);
+ size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page);
+- size_t total_remaining_bytes = ((offset + size) - pos);
++ loff_t total_remaining_bytes = ((offset + size) - pos);
+
+ if (fatal_signal_pending(current)) {
+ rc = -EINTR;
+@@ -141,7 +141,7 @@ int ecryptfs_write(struct inode *ecryptf
+ num_bytes = total_remaining_bytes;
+ if (pos < offset) {
+ /* remaining zeros to write, up to destination offset */
+- size_t total_remaining_zeros = (offset - pos);
++ loff_t total_remaining_zeros = (offset - pos);
+
+ if (num_bytes > total_remaining_zeros)
+ num_bytes = total_remaining_zeros;
diff --git a/queue-3.0/series b/queue-3.0/series
index 416dafd675f..d2d75efaab7 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
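Review bot: After the type change in the queued read_write.c hunks, `num_bytes` is still `size_t` while `total_remaining_bytes` and `total_remaining_zeros` are `loff_t`, so `num_bytes = total_remaining_bytes;` and `num_bytes = total_remaining_zeros;` become narrowing stores from a signed 64-bit value. They are safe only while the remainder is positive and the store follows a `num_bytes >` check, as the visible `if (num_bytes > total_remaining_zeros)` under `pos < offset` shows; the matching check and the bound for `total_remaining_bytes` sit outside the hunks, presumably in the enclosing loop of ecryptfs_write(). Since the comparison is mixed-sign and converts differently on 32-bit and 64-bit builds, I would state the invariant at the declaration, for example `/* loff_t, not size_t: can exceed 32 bits; positive here, copied into num_bytes only when smaller */`. No code change is needed beyond that comment.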
@@ -28,3 +28,4 @@ drm-i915-displayport-hot-remove-notification-to-audio-driver.patch
 drm-i915-check-acthd-of-all-rings.patch
 drm-i915-fix-tv-out-refresh-rate.patch
 drm-i915-handle-3rd-pipe.patch
+ecryptfs-infinite-loop-due-to-overflow-in-ecryptfs_write.patch
--
2.47.3