From 24fa4b60b0b5c657f783e2226812d7bcaadffc00 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Sun, 13 Nov 2011 19:00:34 +0000
Subject: [PATCH] block: Always check length of all iov entries in
 blk_rq_map_user_iov()

svn path=/dists/trunk/linux-2.6/; revision=18262
---
 debian/changelog                              |  1 +
 ...ck-length-of-all-iov-entries-in-blk_.patch | 34 +++++++++++++++++++
 debian/patches/series/base                    |  1 +
 3 files changed, 36 insertions(+)
 create mode 100644 debian/patches/bugfix/all/block-Always-check-length-of-all-iov-entries-in-blk_.patch

diff --git a/debian/changelog b/debian/changelog
index d641187fa..37ebddaff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,7 @@ linux-2.6 (3.1.1-1) UNRELEASED; urgency=low
   * hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops (CVE-2011-2203)
   * vmscan: fix shrinker callback bug in fs/super.c
   * [ia64] Add accept4() syscall, thanks to Émeric Maschino (Closes: #647825)
+  * block: Always check length of all iov entries in blk_rq_map_user_iov()
 
  -- Ben Hutchings <ben@decadent.org.uk>  Fri, 04 Nov 2011 15:05:47 +0000
 
diff --git a/debian/patches/bugfix/all/block-Always-check-length-of-all-iov-entries-in-blk_.patch b/debian/patches/bugfix/all/block-Always-check-length-of-all-iov-entries-in-blk_.patch
new file mode 100644
index 000000000..a93166e4a
--- /dev/null
+++ b/debian/patches/bugfix/all/block-Always-check-length-of-all-iov-entries-in-blk_.patch
@@ -0,0 +1,34 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Sun, 13 Nov 2011 18:42:46 +0000
+Subject: [PATCH] block: Always check length of all iov entries in
+ blk_rq_map_user_iov()
+
+Even after commit 5478755616ae2ef1ce144dded589b62b2a50d575
+("block: check for proper length of iov entries earlier ...")
+we still won't check for zero-length entries after an unaligned
+entry.  Remove the break-statement, so all entries are checked.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ block/blk-map.c |    4 +---
+ 1 files changed, 1 insertions(+), 3 deletions(-)
+
+diff --git a/block/blk-map.c b/block/blk-map.c
+index e663ac2..2e852a4 100644
+--- a/block/blk-map.c
++++ b/block/blk-map.c
+@@ -204,10 +204,8 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
+ 		if (!iov[i].iov_len)
+ 			return -EINVAL;
+ 
+-		if (uaddr & queue_dma_alignment(q)) {
++		if (uaddr & queue_dma_alignment(q))
+ 			unaligned = 1;
+-			break;
+-		}
+ 	}
+ 
+ 	if (unaligned || (q->dma_pad_mask & len) || map_data)
+-- 
+1.7.7.2
+
diff --git a/debian/patches/series/base b/debian/patches/series/base
index cef19a240..db2129637 100644
--- a/debian/patches/series/base
+++ b/debian/patches/series/base
@@ -58,3 +58,4 @@
 + bugfix/all/hfs-fix-hfs_find_init-sb-ext_tree-NULL-ptr-oops.patch
 + bugfix/all/vmscan-fix-shrinker-callback-bug-in-fs-super.c.patch
 + bugfix/ia64/ia64-Add-accept4-syscall.patch
++ bugfix/all/block-Always-check-length-of-all-iov-entries-in-blk_.patch