From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 20 Jul 2021 12:25:42 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v5.13.4~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a4a7491b43bcac9bc6e624e6d5d7da8b9b6f2c4;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	seq_file-disallow-extremely-large-seq-buffer-allocations.patch
---

diff --git a/queue-4.19/seq_file-disallow-extremely-large-seq-buffer-allocations.patch b/queue-4.19/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
new file mode 100644
index 00000000000..e74cabbb32d
--- /dev/null
+++ b/queue-4.19/seq_file-disallow-extremely-large-seq-buffer-allocations.patch
@@ -0,0 +1,35 @@
+From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Tue, 13 Jul 2021 17:49:23 +0200
+Subject: seq_file: disallow extremely large seq buffer allocations
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
+
+There is no reasonable need for a buffer larger than this, and it avoids
+int overflow pitfalls.
+
+Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Reported-by: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Cc: stable@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/seq_file.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/seq_file.c
++++ b/fs/seq_file.c
+@@ -29,6 +29,9 @@ static void seq_set_overflow(struct seq_
+ 
+ static void *seq_buf_alloc(unsigned long size)
+ {
++	if (unlikely(size > MAX_RW_COUNT))
++		return NULL;
++
+ 	return kvmalloc(size, GFP_KERNEL_ACCOUNT);
+ }
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 68bbfe0e2e6..10e3caaf403 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -417,3 +417,4 @@ mips-disable-branch-profiling-in-boot-decompress.o.patch
 mips-vdso-invalid-gic-access-through-vdso.patch
 net-bridge-multicast-fix-pim-hello-router-port-marking-race.patch
 scsi-scsi_dh_alua-fix-signedness-bug-in-alua_rtpg.patch
+seq_file-disallow-extremely-large-seq-buffer-allocations.patch