From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 20 Jul 2021 12:24:52 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v5.13.4~9
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=195d24a6105af8cd99bc11600242ef5b64ce0418;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	seq_file-disallow-extremely-large-seq-buffer-allocations.patch
---

diff --git a/queue-4.4/mips-vdso-invalid-gic-access-through-vdso.patch b/queue-4.4/mips-vdso-invalid-gic-access-through-vdso.patch
index 3d035aa8a8f..28b81a52301 100644
--- a/queue-4.4/mips-vdso-invalid-gic-access-through-vdso.patch
+++ b/queue-4.4/mips-vdso-invalid-gic-access-through-vdso.patch
@@ -44,14 +44,12 @@ Signed-off-by: Martin Fäcknitz <faecknitz@hotsplots.de>
 Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
- arch/mips/vdso/vdso.h | 2 +-
+ arch/mips/vdso/vdso.h |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/arch/mips/vdso/vdso.h b/arch/mips/vdso/vdso.h
-index cfb1be441dec..921589b45bc2 100644
 --- a/arch/mips/vdso/vdso.h
 +++ b/arch/mips/vdso/vdso.h
-@@ -81,7 +81,7 @@ static inline const union mips_vdso_data *get_vdso_data(void)
+@@ -81,7 +81,7 @@ static inline const union mips_vdso_data
  
  static inline void __iomem *get_gic(const union mips_vdso_data *data)
  {
@@ -60,6 +58,3 @@ index cfb1be441dec..921589b45bc2 100644
  }
  
  #endif /* CONFIG_CLKSRC_MIPS_GIC */
--- 
-2.30.2
-
diff --git a/queue-4.4/seq_file-disallow-extremely-large-seq-buffer-allocations.patch b/queue-4.4/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
new file mode 100644
index 00000000000..c9400b35006
--- /dev/null
+++ b/queue-4.4/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
@@ -0,0 +1,43 @@
+From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Tue, 13 Jul 2021 17:49:23 +0200
+Subject: seq_file: disallow extremely large seq buffer allocations
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
+
+There is no reasonable need for a buffer larger than this, and it avoids
+int overflow pitfalls.
+
+Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Reported-by: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Cc: stable@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/seq_file.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/seq_file.c
++++ b/fs/seq_file.c
+@@ -14,6 +14,7 @@
+ #include <linux/mm.h>
+ #include <linux/printk.h>
+ #include <linux/string_helpers.h>
++#include <linux/pagemap.h>
+ 
+ #include <asm/uaccess.h>
+ #include <asm/page.h>
+@@ -28,6 +29,9 @@ static void *seq_buf_alloc(unsigned long
+ 	void *buf;
+ 	gfp_t gfp = GFP_KERNEL;
+ 
++	if (unlikely(size > MAX_RW_COUNT))
++		return NULL;
++
+ 	/*
+ 	 * For high order allocations, use __GFP_NORETRY to avoid oom-killing -
+ 	 * it's better to fall back to vmalloc() than to kill things.  For small
diff --git a/queue-4.4/series b/queue-4.4/series
index 7a52b41f85d..33899651e76 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -186,3 +186,4 @@ memory-fsl_ifc-fix-leak-of-private-memory-on-probe-f.patch
 scsi-be2iscsi-fix-an-error-handling-path-in-beiscsi_.patch
 mips-disable-branch-profiling-in-boot-decompress.o.patch
 mips-vdso-invalid-gic-access-through-vdso.patch
+seq_file-disallow-extremely-large-seq-buffer-allocations.patch