4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 20 Jul 2021 12:24:52 +0000 (14:24 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 20 Jul 2021 12:24:52 +0000 (14:24 +0200)
added patches:
seq_file-disallow-extremely-large-seq-buffer-allocations.patch

queue-4.4/mips-vdso-invalid-gic-access-through-vdso.patch
queue-4.4/seq_file-disallow-extremely-large-seq-buffer-allocations.patch [new file with mode: 0644]
queue-4.4/series

index 3d035aa8a8f70a8797b7630ec50b5282cd9384dd..28b81a5230137fc12eedf28113b47f11e4c90ca2 100644 (file)
@@ -44,14 +44,12 @@ Signed-off-by: Martin Fäcknitz <faecknitz@hotsplots.de>
 Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
- arch/mips/vdso/vdso.h | 2 +-
+ arch/mips/vdso/vdso.h |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/arch/mips/vdso/vdso.h b/arch/mips/vdso/vdso.h
-index cfb1be441dec..921589b45bc2 100644
 --- a/arch/mips/vdso/vdso.h
 +++ b/arch/mips/vdso/vdso.h
-@@ -81,7 +81,7 @@ static inline const union mips_vdso_data *get_vdso_data(void)
+@@ -81,7 +81,7 @@ static inline const union mips_vdso_data
  
  static inline void __iomem *get_gic(const union mips_vdso_data *data)
  {
@@ -60,6 +58,3 @@ index cfb1be441dec..921589b45bc2 100644
  }
  
  #endif /* CONFIG_CLKSRC_MIPS_GIC */
--- 
-2.30.2
-
diff --git a/queue-4.4/seq_file-disallow-extremely-large-seq-buffer-allocations.patch b/queue-4.4/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
new file mode 100644 (file)
index 0000000..c9400b3
--- /dev/null
@@ -0,0 +1,43 @@
+From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Tue, 13 Jul 2021 17:49:23 +0200
+Subject: seq_file: disallow extremely large seq buffer allocations
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
+
+There is no reasonable need for a buffer larger than this, and it avoids
+int overflow pitfalls.
+
+Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Reported-by: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Cc: stable@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/seq_file.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/seq_file.c
++++ b/fs/seq_file.c
+@@ -14,6 +14,7 @@
+ #include <linux/mm.h>
+ #include <linux/printk.h>
+ #include <linux/string_helpers.h>
++#include <linux/pagemap.h>
+ #include <asm/uaccess.h>
+ #include <asm/page.h>
+@@ -28,6 +29,9 @@ static void *seq_buf_alloc(unsigned long
+       void *buf;
+       gfp_t gfp = GFP_KERNEL;
++      if (unlikely(size > MAX_RW_COUNT))
++              return NULL;
++
+       /*
+        * For high order allocations, use __GFP_NORETRY to avoid oom-killing -
+        * it's better to fall back to vmalloc() than to kill things.  For small
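Review bot: The queued patch adds `#include <linux/pagemap.h>` in its first fs/seq_file.c hunk, but neither the description nor the code says why a size check needs that header. The diffstat counts 4 insertions for a 3-line guard, so the include looks like a backport adjustment (presumably MAX_RW_COUNT depends on a page-cache mask macro from that header on this tree; confirm) and deserves a bracketed note in the description, e.g. `[backport: include linux/pagemap.h so MAX_RW_COUNT builds on 4.4]`. The guard itself, `if (unlikely(size > MAX_RW_COUNT)) return NULL;`, would be easier to audit with a one-line comment such as `/* sizes above MAX_RW_COUNT are never needed and risk int overflow in callers */`, restating the commit message at the point of use. Callers cannot tell this NULL return from an allocation failure, which is probably intended, but seq_buf_alloc()'s body and its callers lie outside the hunk, so that cannot be checked here.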
index 7a52b41f85d2f850f1419d70c192d9c5bd857bde..33899651e76178332d100637b3546784ed948e2f 100644 (file)
@@ -186,3 +186,4 @@ memory-fsl_ifc-fix-leak-of-private-memory-on-probe-f.patch
 scsi-be2iscsi-fix-an-error-handling-path-in-beiscsi_.patch
 mips-disable-branch-profiling-in-boot-decompress.o.patch
 mips-vdso-invalid-gic-access-through-vdso.patch
+seq_file-disallow-extremely-large-seq-buffer-allocations.patch