Patch "MIPS: Drop spurious __unused in struct compat_flock" has been added to the 4.15-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 26 Feb 2018 17:19:42 +0100

This is a note to let you know that I've just added the patch titled

    MIPS: Drop spurious __unused in struct compat_flock

to the 4.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mips-drop-spurious-__unused-in-struct-compat_flock.patch
and it can be found in the queue-4.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 6ae1756faddefd7494353380ee546dd38c2f97eb Mon Sep 17 00:00:00 2001
From: James Hogan <jhogan@xxxxxxxxxx>
Date: Tue, 20 Feb 2018 15:44:37 +0000
Subject: MIPS: Drop spurious __unused in struct compat_flock

From: James Hogan <jhogan@xxxxxxxxxx>

commit 6ae1756faddefd7494353380ee546dd38c2f97eb upstream.

MIPS' struct compat_flock doesn't match the 32-bit struct flock, as it
has an extra short __unused before pad[4], which combined with alignment
increases the size to 40 bytes compared with struct flock's 36 bytes.

Since commit 8c6657cb50cb ("Switch flock copyin/copyout primitives to
copy_{from,to}_user()"), put_compat_flock() writes the full compat_flock
struct to userland, which results in corruption of the userland word
after the struct flock when running 32-bit userlands on 64-bit kernels.

This was observed to cause a bus error exception when starting Firefox
on Debian 8 (Jessie).

Reported-by: Peter Mamonov <pmamonov@xxxxxxxxx>
Signed-off-by: James Hogan <jhogan@xxxxxxxxxx>
Tested-by: Peter Mamonov <pmamonov@xxxxxxxxx>
Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: linux-mips@xxxxxxxxxxxxxx
Cc: <stable@xxxxxxxxxxxxxxx> # 4.13+
Patchwork: https://patchwork.linux-mips.org/patch/18646/
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 arch/mips/include/asm/compat.h |    1 -
 1 file changed, 1 deletion(-)

--- a/arch/mips/include/asm/compat.h
+++ b/arch/mips/include/asm/compat.h
@@ -86,7 +86,6 @@ struct compat_flock {
 	compat_off_t	l_len;
 	s32		l_sysid;
 	compat_pid_t	l_pid;
-	short		__unused;
 	s32		pad[4];
 };
 


Patches currently in stable-queue which might be from jhogan@xxxxxxxxxx are

queue-4.15/mips-drop-spurious-__unused-in-struct-compat_flock.patch






