From: Greg Kroah-Hartman
Date: Wed, 1 Aug 2012 19:18:55 +0000 (-0700)
Subject: 3.0-stable patches
X-Git-Tag: v3.0.39~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4afbd4afbc096a99ab2325975bed896272045c27;p=thirdparty%2Fkernel%2Fstable-queue.git
3.0-stable patches
added patches:
locks-fix-checking-of-fcntl_setlease-argument.patch
---
diff --git a/queue-3.0/locks-fix-checking-of-fcntl_setlease-argument.patch b/queue-3.0/locks-fix-checking-of-fcntl_setlease-argument.patch
new file mode 100644
index 00000000000..b8a6d64d2a3
--- /dev/null
+++ b/queue-3.0/locks-fix-checking-of-fcntl_setlease-argument.patch
@@ -0,0 +1,55 @@
+From 0ec4f431eb56d633da3a55da67d5c4b88886ccc7 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields"
+Date: Mon, 23 Jul 2012 15:17:17 -0400
+Subject: locks: fix checking of fcntl_setlease argument
+
+From: "J. Bruce Fields"
+
+commit 0ec4f431eb56d633da3a55da67d5c4b88886ccc7 upstream.
+
+The only checks of the long argument passed to fcntl(fd,F_SETLEASE,.)
+are done after converting the long to an int. Thus some illegal values
+may be let through and cause problems in later code.
+
+[ They actually *don't* cause problems in mainline, as of Dave Jones's
+ commit 8d657eb3b438 "Remove easily user-triggerable BUG from
+ generic_setlease", but we should fix this anyway. And this patch will
+ be necessary to fix real bugs on earlier kernels. ]
+
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/locks.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/locks.c
++++ b/fs/locks.c
+@@ -315,7 +315,7 @@ static int flock_make_lock(struct file *
+ return 0;
+ }
+
+-static int assign_type(struct file_lock *fl, int type)
++static int assign_type(struct file_lock *fl, long type)
+ {
+ switch (type) {
+ case F_RDLCK:
+@@ -452,7 +452,7 @@ static const struct lock_manager_operati
+ /*
+ * Initialize a lease, use the default lock manager operations
+ */
+-static int lease_init(struct file *filp, int type, struct file_lock *fl)
++static int lease_init(struct file *filp, long type, struct file_lock *fl)
+ {
+ if (assign_type(fl, type) != 0)
+ return -EINVAL;
+@@ -470,7 +470,7 @@ static int lease_init(struct file *filp,
+ }
+
+ /* Allocate a file_lock initialised to this type of lease */
+-static struct file_lock *lease_alloc(struct file *filp, int type)
++static struct file_lock *lease_alloc(struct file *filp, long type)
+ {
+ struct file_lock *fl = locks_alloc_lock();
+ int error = -ENOMEM;
diff --git a/queue-3.0/series b/queue-3.0/series
index 9a4978330a5..f90dd3c392d 100644
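Review bot: The three widened signatures (`assign_type`, `lease_init` and `lease_alloc` in the fs/locks.c hunks) carry no comment saying why `type` is `long`, so a later tidy-up back to `int` would silently restore the truncation the commit message describes, where an out-of-range fcntl(fd, F_SETLEASE, arg) value is narrowed before the `switch (type)` check sees it. I would add above `assign_type`: `/* type stays long: it may be the raw fcntl() argument and must be validated before any narrowing */`. The callers that hand the argument down are outside these hunks, so for this 3.0 backport it is worth confirming that nothing between the fcntl entry point and `lease_alloc` still takes the value as `int`. The bodies of all three functions also continue beyond the hunks.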
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -11,3 +11,4 @@ arm-omap2-opp-fix-to-ensure-check-of-right-oppdef-after-bad-one.patch
 alsa-hda-add-support-for-realtek-alc282.patch
 usbdevfs-correct-amount-of-data-copied-to-user-in-processcompl_compat.patch
 usb-gadget-fix-g_ether-interface-link-status.patch
+locks-fix-checking-of-fcntl_setlease-argument.patch