From fd3839f7333fa30d1ce1f8b628b09bccbd73c4ef Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Thu, 20 Jan 2022 16:55:55 +0100 Subject: [PATCH] backport "vfs: fs_context: fix up param length parsing in legacy_parse_param" Signed-off-by: Thomas Lamprecht (cherry picked from commit fc0472a18fdf5d8afd58c19729b84921300debee) Signed-off-by: Thomas Lamprecht --- patches/kernel/0011-vfs-fix.patch | 38 +++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 patches/kernel/0011-vfs-fix.patch diff --git a/patches/kernel/0011-vfs-fix.patch b/patches/kernel/0011-vfs-fix.patch new file mode 100644 index 0000000..dc95794 --- /dev/null +++ b/patches/kernel/0011-vfs-fix.patch 
@@ -0,0 +1,38 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jamie Hill-Daniel +Date: Tue, 18 Jan 2022 08:06:04 +0100 +Subject: vfs: fs_context: fix up param length parsing in legacy_parse_param + +commit 722d94847de29310e8aa03fcbdb41fc92c521756 upstream. + +The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an +unsigned type so a large value of "size" results in a high positive +value instead of a negative value as expected. Fix this by getting rid +of the subtraction. + +Signed-off-by: Jamie Hill-Daniel +Signed-off-by: William Liu +Tested-by: Salvatore Bonaccorso +Tested-by: Thadeu Lima de Souza Cascardo +Acked-by: Dan Carpenter +Acked-by: Al Viro +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Thomas Lamprecht +--- + fs/fs_context.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/fs_context.c b/fs/fs_context.c +index b7e43a780a625..24ce12f0db32e 100644 +--- a/fs/fs_context.c ++++ b/fs/fs_context.c +@@ -548,7 +548,7 @@ static int legacy_parse_param(struct fs_context *fc, struct fs_parameter *param) + param->key); + } + +- if (len > PAGE_SIZE - 2 - size) ++ if (size + len + 2 > PAGE_SIZE) + return invalf(fc, "VFS: Legacy: Cumulative options too large"); + if (strchr(param->key, ',') || + (param->type == fs_value_is_string && -- 2.39.2
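Review bot: the new check `size + len + 2 > PAGE_SIZE` in legacy_parse_param() removes the unsigned underflow of `PAGE_SIZE - 2 - size`, but it is only correct while the sum itself cannot wrap. The declarations of `size` and `len` are outside the visible context, so please confirm their types and upper bounds. A one-line comment above the check saying why the addition form is used would help keep a later cleanup from reintroducing the subtraction. Separately, the wrapper file name `0011-vfs-fix.patch` says little about what it carries; naming it after the upstream subject (fs_context, legacy_parse_param length check) and quoting the reason for the backport in the outer commit message would make it easier to identify and to drop once the base kernel already contains upstream commit 722d94847de29310e8aa03fcbdb41fc92c521756.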