From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 26 Jun 2020 14:04:44 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v5.7.7~68
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8a337c96abb14b8ba82cae7ca0a4b0a54d011fa;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	l2tp-allow-duplicate-session-creation-with-udp.patch
	scsi-scsi_devinfo-handle-non-terminated-strings.patch
---

diff --git a/queue-4.9/l2tp-allow-duplicate-session-creation-with-udp.patch b/queue-4.9/l2tp-allow-duplicate-session-creation-with-udp.patch
new file mode 100644
index 00000000000..087f025e0e2
--- /dev/null
+++ b/queue-4.9/l2tp-allow-duplicate-session-creation-with-udp.patch
@@ -0,0 +1,49 @@
+From 0d0d9a388a858e271bb70e71e99e7fe2a6fd6f64 Mon Sep 17 00:00:00 2001
+From: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+Date: Tue, 4 Feb 2020 12:24:00 +1300
+Subject: l2tp: Allow duplicate session creation with UDP
+
+From: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+
+commit 0d0d9a388a858e271bb70e71e99e7fe2a6fd6f64 upstream.
+
+In the past it was possible to create multiple L2TPv3 sessions with the
+same session id as long as the sessions belonged to different tunnels.
+The resulting sessions had issues when used with IP encapsulated tunnels,
+but worked fine with UDP encapsulated ones. Some applications began to
+rely on this behaviour to avoid having to negotiate unique session ids.
+
+Some time ago a change was made to require session ids to be unique across
+all tunnels, breaking the applications making use of this "feature".
+
+This change relaxes the duplicate session id check to allow duplicates
+if both of the colliding sessions belong to UDP encapsulated tunnels.
+
+Fixes: dbdbc73b4478 ("l2tp: fix duplicate session creation")
+Signed-off-by: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+Acked-by: James Chapman <jchapman@katalix.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/l2tp/l2tp_core.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/l2tp/l2tp_core.c
++++ b/net/l2tp/l2tp_core.c
+@@ -351,8 +351,13 @@ int l2tp_session_register(struct l2tp_se
+ 
+ 		spin_lock_bh(&pn->l2tp_session_hlist_lock);
+ 
++		/* IP encap expects session IDs to be globally unique, while
++		 * UDP encap doesn't.
++		 */
+ 		hlist_for_each_entry(session_walk, g_head, global_hlist)
+-			if (session_walk->session_id == session->session_id) {
++			if (session_walk->session_id == session->session_id &&
++			    (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP ||
++			     tunnel->encap == L2TP_ENCAPTYPE_IP)) {
+ 				err = -EEXIST;
+ 				goto err_tlock_pnlock;
+ 			}
diff --git a/queue-4.9/scsi-scsi_devinfo-handle-non-terminated-strings.patch b/queue-4.9/scsi-scsi_devinfo-handle-non-terminated-strings.patch
new file mode 100644
index 00000000000..9de40fb170c
--- /dev/null
+++ b/queue-4.9/scsi-scsi_devinfo-handle-non-terminated-strings.patch
@@ -0,0 +1,44 @@
+From ba69ead9e9e9bb3cec5faf03526c36764ac8942a Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Mon, 27 Nov 2017 23:47:34 +0100
+Subject: scsi: scsi_devinfo: handle non-terminated strings
+
+From: Martin Wilck <mwilck@suse.com>
+
+commit ba69ead9e9e9bb3cec5faf03526c36764ac8942a upstream.
+
+devinfo->vendor and devinfo->model aren't necessarily
+zero-terminated.
+
+Fixes: b8018b973c7c "scsi_devinfo: fixup string compare"
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_devinfo.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -451,7 +451,8 @@ static struct scsi_dev_info_list *scsi_d
+ 			/*
+ 			 * vendor strings must be an exact match
+ 			 */
+-			if (vmax != strlen(devinfo->vendor) ||
++			if (vmax != strnlen(devinfo->vendor,
++					    sizeof(devinfo->vendor)) ||
+ 			    memcmp(devinfo->vendor, vskip, vmax))
+ 				continue;
+ 
+@@ -459,7 +460,7 @@ static struct scsi_dev_info_list *scsi_d
+ 			 * @model specifies the full string, and
+ 			 * must be larger or equal to devinfo->model
+ 			 */
+-			mlen = strlen(devinfo->model);
++			mlen = strnlen(devinfo->model, sizeof(devinfo->model));
+ 			if (mmax < mlen || memcmp(devinfo->model, mskip, mlen))
+ 				continue;
+ 			return devinfo;
diff --git a/queue-4.9/series b/queue-4.9/series
index 5e2f82bafe7..25484efe102 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -125,3 +125,5 @@ mtd-rawnand-socrates-fix-the-probe-error-path.patch
 mtd-rawnand-plat_nand-fix-the-probe-error-path.patch
 mtd-rawnand-mtk-fix-the-probe-error-path.patch
 mtd-rawnand-tmio-fix-the-probe-error-path.patch
+scsi-scsi_devinfo-handle-non-terminated-strings.patch
+l2tp-allow-duplicate-session-creation-with-udp.patch