From: Greg Kroah-Hartman Date: Tue, 20 Jul 2021 12:25:08 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v5.13.4~8 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dc6605643b75ef94c7f7ba9ca97cd6a3babc5a43;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: seq_file-disallow-extremely-large-seq-buffer-allocations.patch --- diff --git a/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch b/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch index c138f76a361..6f4431d481d 100644 --- a/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch +++ b/queue-4.9/mips-vdso-invalid-gic-access-through-vdso.patch @@ -44,14 +44,12 @@ Signed-off-by: Martin Fäcknitz Signed-off-by: Thomas Bogendoerfer Signed-off-by: Sasha Levin --- - arch/mips/vdso/vdso.h | 2 +- + arch/mips/vdso/vdso.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/arch/mips/vdso/vdso.h b/arch/mips/vdso/vdso.h -index cfb1be441dec..921589b45bc2 100644 --- a/arch/mips/vdso/vdso.h +++ b/arch/mips/vdso/vdso.h -@@ -81,7 +81,7 @@ static inline const union mips_vdso_data *get_vdso_data(void) +@@ -81,7 +81,7 @@ static inline const union mips_vdso_data static inline void __iomem *get_gic(const union mips_vdso_data *data) { @@ -60,6 +58,3 @@ index cfb1be441dec..921589b45bc2 100644 } #endif /* CONFIG_CLKSRC_MIPS_GIC */ --- -2.30.2 - diff --git a/queue-4.9/seq_file-disallow-extremely-large-seq-buffer-allocations.patch b/queue-4.9/seq_file-disallow-extremely-large-seq-buffer-allocations.patch new file mode 100644 index 00000000000..ef8b5389331 --- /dev/null +++ b/queue-4.9/seq_file-disallow-extremely-large-seq-buffer-allocations.patch @@ -0,0 +1,40 @@ +From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001 +From: Eric Sandeen +Date: Tue, 13 Jul 2021 17:49:23 +0200 +Subject: seq_file: disallow extremely large seq buffer allocations + +From: Eric Sandeen + +commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream. + +There is no reasonable need for a buffer larger than this, and it avoids +int overflow pitfalls. + +Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation") +Suggested-by: Al Viro +Reported-by: Qualys Security Advisory +Signed-off-by: Eric Sandeen +Cc: stable@kernel.org +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + fs/seq_file.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/fs/seq_file.c b/fs/seq_file.c +index b117b212ef28..4a2cda04d3e2 100644 +--- a/fs/seq_file.c ++++ b/fs/seq_file.c +@@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m) + + static void *seq_buf_alloc(unsigned long size) + { ++ if (unlikely(size > MAX_RW_COUNT)) ++ return NULL; ++ + return kvmalloc(size, GFP_KERNEL_ACCOUNT); + } + +-- +2.32.0 + diff --git a/queue-4.9/series b/queue-4.9/series index ed128577024..8ca3b0093c8 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -243,3 +243,4 @@ scsi-be2iscsi-fix-an-error-handling-path-in-beiscsi_.patch mips-always-link-byteswap-helpers-into-decompressor.patch mips-disable-branch-profiling-in-boot-decompress.o.patch mips-vdso-invalid-gic-access-through-vdso.patch +seq_file-disallow-extremely-large-seq-buffer-allocations.patch