4.9-stable patches

added patches:
	seq_file-disallow-extremely-large-seq-buffer-allocations.patch

diff --git a/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch b/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch
index c138f76a36172e0675b9acd6c1527c7fa65386ca..6f4431d481d85bc3fd47a0e127bf1c5365bd6f65 100644 (file)
--- a/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch
+++ b/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch
@@ -44,14 +44,12 @@ Signed-off-by: Martin Fäcknitz <faecknitz@hotsplots.de>
 Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
- arch/mips/vdso/vdso.h | 2 +-
+ arch/mips/vdso/vdso.h |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/arch/mips/vdso/vdso.h b/arch/mips/vdso/vdso.h
-index cfb1be441dec..921589b45bc2 100644
 --- a/arch/mips/vdso/vdso.h
 +++ b/arch/mips/vdso/vdso.h
-@@ -81,7 +81,7 @@ static inline const union mips_vdso_data *get_vdso_data(void)
+@@ -81,7 +81,7 @@ static inline const union mips_vdso_data
  
  static inline void __iomem *get_gic(const union mips_vdso_data *data)
  {
@@ -60,6 +58,3 @@ index cfb1be441dec..921589b45bc2 100644
  }
  
  #endif /* CONFIG_CLKSRC_MIPS_GIC */
--- 
-2.30.2
-

diff --git a/queue-4.9/seq_file-disallow-extremely-large-seq-buffer-allocations.patch b/queue-4.9/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
new file mode 100644 (file)
index 0000000..ef8b538
--- /dev/null
+++ b/queue-4.9/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
@@ -0,0 +1,40 @@
+From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Tue, 13 Jul 2021 17:49:23 +0200
+Subject: seq_file: disallow extremely large seq buffer allocations
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
+
+There is no reasonable need for a buffer larger than this, and it avoids
+int overflow pitfalls.
+
+Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Reported-by: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Cc: stable@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/seq_file.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/fs/seq_file.c b/fs/seq_file.c
+index b117b212ef28..4a2cda04d3e2 100644
+--- a/fs/seq_file.c
++++ b/fs/seq_file.c
+@@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
+ 
+ static void *seq_buf_alloc(unsigned long size)
+ {
++      if (unlikely(size > MAX_RW_COUNT))
++              return NULL;
++
+       return kvmalloc(size, GFP_KERNEL_ACCOUNT);
+ }
+ 
+-- 
+2.32.0
+

diff --git a/queue-4.9/series b/queue-4.9/series
index ed128577024c68b8013f02f344a4d733d2e28e92..8ca3b0093c8c8418f32066090688a5492c305cc5 100644 (file)
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -243,3 +243,4 @@ scsi-be2iscsi-fix-an-error-handling-path-in-beiscsi_.patch
 mips-always-link-byteswap-helpers-into-decompressor.patch
 mips-disable-branch-profiling-in-boot-decompress.o.patch
 mips-vdso-invalid-gic-access-through-vdso.patch
+seq_file-disallow-extremely-large-seq-buffer-allocations.patch