From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Message-ID: <5345AAE4.6040605@oracle.com>
Date: Wed, 09 Apr 2014 16:17:40 -0400
From: Sasha Levin <sasha.levin@oracle.com>
MIME-Version: 1.0
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org
CC: stable@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
	Quentin Casasnovas <quentin.casasnovas@oracle.com>,
	Vegard Nossum <vegard.nossum@oracle.com>,
	Phil Turnbull <phil.turnbull@oracle.com>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH 3.13 12/22] make prepend_name() work correctly when called
 with negative *buflen
References: <20140401040703.045139933@linuxfoundation.org> <20140401040706.285713373@linuxfoundation.org>
In-Reply-To: <20140401040706.285713373@linuxfoundation.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On 04/01/2014 12:08 AM, Greg Kroah-Hartman wrote:
> 3.13-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Al Viro <viro@zeniv.linux.org.uk>
> 
> commit e825196d48d2b89a6ec3a8eff280098d2a78207e upstream.
> 
> In all callchains leading to prepend_name(), the value left in *buflen
> is eventually discarded unused if prepend_name() has returned a negative.
> So we are free to do what prepend() does, and subtract from *buflen
> *before* checking for underflow (which turns into checking the sign
> of subtraction result, of course).
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Hi Al, Greg,

We're working on creating Ksplice updates for the last -stable tree,
and stumbled on this patch.

The log message isn't too clear on what actually gets fixed, and
auditing the code didn't reveal the answer for that.

Could someone please describe what's the issue being solved with
this patch?


Thanks,
Sasha