Add cc to Al.
On 2015/3/20 17:18, Willy Tarreau wrote:
> Hi Greg,
>
> On Fri, Mar 20, 2015 at 10:05:00AM +0100, Greg KH wrote:
>> On Fri, Mar 20, 2015 at 04:59:42PM +0800, Zhang Zhen wrote:
>>> We need to check the position and size of file writes against various
>>> limits, using generic_write_check(). This was not being done for
>>> the splice write path. It was fixed upstream by commit 8d0207652cbe
>>> ("->splice_write() via ->write_iter()") but we can't apply that.
>>>
>>> CVE-2014-7822
>>>
>>> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
>>> [Ben fixed it in 3.2 stable, i ported it to 3.10 stable]
>>> Signed-off-by: Zhang Zhen <zhenzhang.zhang@xxxxxxxxxx>
>>> ---
>>> fs/ocfs2/file.c | 8 +++++---
>>> fs/splice.c | 8 ++++++--
>>> 2 files changed, 11 insertions(+), 5 deletions(-)
>>
>> What is the git commit id of this in Linus's tree?
>
> The commit message refers to this one :
>
> commit 8d0207652cbe27d1f962050737848e5ad4671958
> Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Date: Sat Apr 5 04:27:08 2014 -0400
>
> ->splice_write() via ->write_iter()
>
> iter_file_splice_write() - a ->splice_write() instance that gathers the
> pipe buffers, builds a bio_vec-based iov_iter covering those and feeds
> it to ->write_iter(). A bunch of simple cases coverted to that...
>
> [AV: fixed the braino spotted by Cyrill]
>
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
>
> However the fix is very different here, I think it would be prudent
> to get Al's Ack on this one, especially after it's been ported from
> another version.
>
> Willy
>
>
> .
>
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html