From 97b871128f3d409e41b9ee667b8751bbdaffec6c Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht
Date: Tue, 20 Jul 2021 21:40:49 +0200
Subject: [PATCH] bump version to 5.11.22-4

Signed-off-by: Thomas Lamprecht
---
 Makefile | 2 +-
 debian/changelog | 7 ++++
 ...07-seq-file-disallow-extremely-large.patch | 34 +++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 patches/kernel/0007-seq-file-disallow-extremely-large.patch

diff --git a/Makefile b/Makefile
index 4191541..c751c77 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ KERNEL_PATCHLEVEL=22
 # rebuild packages with new KREL and run 'make abiupdate'
 KREL=2
-PKGREL=3
+PKGREL=4
 KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
 KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)
diff --git a/debian/changelog b/debian/changelog
index 167733a..44d5d5a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pve-kernel (5.11.22-4) bullseye; urgency=medium
+
+ * fix CVE-2021-33909: seq_file: disallow extremely large seq buffer
+ allocations
+
+ -- Proxmox Support Team Tue, 20 Jul 2021 21:40:02 +0200
+
 pve-kernel (5.11.22-3) bullseye; urgency=medium
 * update ZFS to 2.0.5
diff --git a/patches/kernel/0007-seq-file-disallow-extremely-large.patch b/patches/kernel/0007-seq-file-disallow-extremely-large.patch
new file mode 100644
index 0000000..fe4be93
--- /dev/null
+++ b/patches/kernel/0007-seq-file-disallow-extremely-large.patch
@@ -0,0 +1,34 @@
+From 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b Mon Sep 17 00:00:00 2001
+From: Eric Sandeen
+Date: Tue, 13 Jul 2021 17:49:23 +0200
+Subject: seq_file: disallow extremely large seq buffer allocations
+
+There is no reasonable need for a buffer larger than this, and it avoids
+int overflow pitfalls.
+
+Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
+Suggested-by: Al Viro
+Reported-by: Qualys Security Advisory
+Signed-off-by: Eric Sandeen
+Cc: stable@kernel.org
+Signed-off-by: Linus Torvalds
+---
+ fs/seq_file.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/fs/seq_file.c b/fs/seq_file.c
+index b117b212ef288..4a2cda04d3e29 100644
+--- a/fs/seq_file.c
++++ b/fs/seq_file.c
+@@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
+
+ static void *seq_buf_alloc(unsigned long size)
+ {
++ if (unlikely(size > MAX_RW_COUNT))
++ return NULL;
++
+ return kvmalloc(size, GFP_KERNEL_ACCOUNT);
+ }
+
+--
+cgit 1.2.3-1.el7
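Review bot: The new guard in seq_buf_alloc() carries no comment tying the MAX_RW_COUNT bound to the problem it closes, so the reason survives only in the patch description ("avoids int overflow pitfalls") and the CVE-2021-33909 changelog entry. A one-line comment above the check would keep that visible to whoever next rebases the patch queue, for example `/* cap at MAX_RW_COUNT (below INT_MAX) so int-typed length handling of the seq buffer cannot overflow */`. Returning NULL makes an oversized request look like an ordinary allocation failure; the callers are outside this hunk, so it is worth confirming on this kernel series that each of them already treats NULL as out-of-memory. Because this is a verbatim upstream backport, the wording may be better placed in the carried patch's description than in the code, so the hunk stays identical to upstream.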