--- /dev/null
+From b05ee7e5d16a1609bb6155b586e7a826c0535484 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 3 Jun 2021 15:37:53 +0300
+Subject: NFS: Fix a potential NULL dereference in nfs_get_client()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 09226e8303beeec10f2ff844d2e46d1371dc58e0 ]
+
+None of the callers are expecting NULL returns from nfs_get_client() so
+this code will lead to an Oops. It's better to return an error
+pointer. I expect that this is dead code so hopefully no one is
+affected.
+
+Fixes: 31434f496abb ("nfs: check hostname in nfs_get_client")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/nfs/client.c b/fs/nfs/client.c
+index 28d8a57a9908..d322ed5cbc1c 100644
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -379,7 +379,7 @@ nfs_get_client(const struct nfs_client_initdata *cl_init,
+
+ if (cl_init->hostname == NULL) {
+ WARN_ON(1);
+- return NULL;
++ return ERR_PTR(-EINVAL);
+ }
+
+ dprintk("--> nfs_get_client(%s,v%u)\n",
+--
+2.30.2
+
--- /dev/null
+From d0ff00d252a856464fd06be40f0646ab92a5982b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 5 Jun 2021 13:29:57 +0800
+Subject: perf session: Correct buffer copying when peeking events
+
+From: Leo Yan <leo.yan@linaro.org>
+
+[ Upstream commit 197eecb6ecae0b04bd694432f640ff75597fed9c ]
+
+When peeking an event, it has a short path and a long path. The short
+path uses the session pointer "one_mmap_addr" to directly fetch the
+event; and the long path needs to read out the event header and the
+following event data from file and fill into the buffer pointer passed
+through the argument "buf".
+
+The issue is in the long path that it copies the event header and event
+data into the same destination address which pointer "buf", this means
+the event header is overwritten. We are just lucky to run into the
+short path in most cases, so we don't hit the issue in the long path.
+
+This patch adds the offset "hdr_sz" to the pointer "buf" when copying
+the event data, so that it can reserve the event header which can be
+used properly by its caller.
+
+Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()")
+Signed-off-by: Leo Yan <leo.yan@linaro.org>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Acked-by: Jiri Olsa <jolsa@redhat.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/session.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
+index 89808ab008ad..9187d8119a75 100644
+--- a/tools/perf/util/session.c
++++ b/tools/perf/util/session.c
+@@ -1427,6 +1427,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset,
+ if (event->header.size < hdr_sz || event->header.size > buf_sz)
+ return -1;
+
++ buf += hdr_sz;
+ rest = event->header.size - hdr_sz;
+
+ if (readn(fd, buf, rest) != (ssize_t)rest)
+--
+2.30.2
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
