On 2015/3/20 17:05, Greg KH wrote:
> On Fri, Mar 20, 2015 at 04:59:42PM +0800, Zhang Zhen wrote:
>> We need to check the position and size of file writes against various
>> limits, using generic_write_check(). This was not being done for
>> the splice write path. It was fixed upstream by commit 8d0207652cbe
>> ("->splice_write() via ->write_iter()") but we can't apply that.
>>
>> CVE-2014-7822
>>
>> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
>> [Ben fixed it in 3.2 stable, I ported it to 3.10 stable]
>> Signed-off-by: Zhang Zhen <zhenzhang.zhang@xxxxxxxxxx>
>> ---
>> fs/ocfs2/file.c | 8 +++++---
>> fs/splice.c | 8 ++++++--
>> 2 files changed, 11 insertions(+), 5 deletions(-)
>
> What is the git commit id of this in Linus's tree?

In Linus's tree the commit is 8d0207652cbe, but this commit can't be applied to 3.10-stable.
So I ported Ben's fix from 3.2-stable. Its commit id is 894c6350eaad7e613ae267504014a456e00a3e2a in the 3.2-stable tree.

Best regards!

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html