Fixes for 6.1

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch b/queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch
new file mode 100644 (file)
index 0000000..6d670bc
--- /dev/null
+++ b/queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch
@@ -0,0 +1,43 @@
+From 75f4913c810721cf821d01389e68f696565ca164 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 18 Nov 2024 10:26:50 +0800
+Subject: fs/ntfs3: Additional check in ntfs_file_release
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+[ Upstream commit 031d6f608290c847ba6378322d0986d08d1a645a ]
+
+Reported-by: syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ntfs3/file.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
+index aedd4f5f459e6..70b38465aee36 100644
+--- a/fs/ntfs3/file.c
++++ b/fs/ntfs3/file.c
+@@ -1214,8 +1214,16 @@ static int ntfs_file_release(struct inode *inode, struct file *file)
+       int err = 0;
+ 
+       /* If we are last writer on the inode, drop the block reservation. */
+-      if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) &&
+-                                    atomic_read(&inode->i_writecount) == 1)) {
++      if (sbi->options->prealloc &&
++          ((file->f_mode & FMODE_WRITE) &&
++           atomic_read(&inode->i_writecount) == 1)
++         /*
++          * The only file when inode->i_fop = &ntfs_file_operations and
++          * init_rwsem(&ni->file.run_lock) is not called explicitly is MFT.
++          *
++          * Add additional check here.
++          */
++          && inode->i_ino != MFT_REC_MFT) {
+               ni_lock(ni);
+               down_write(&ni->file.run_lock);
+ 
+-- 
+2.43.0
+

diff --git a/queue-6.1/series b/queue-6.1/series
index 17a9e5ae1c5453539b6a21e9067a3907a0373d9c..5fbb9bb2ac19ddfe165144407dcb8b0c0a6d4eb0 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -31,3 +31,6 @@ revert-mmc-dw_mmc-fix-idmac-operation-with-pages-bigger-than-4k.patch
 mmc-sunxi-mmc-fix-a100-compatible-description.patch
 drm-bridge-tc358768-fix-dsi-command-tx.patch
 drm-amd-fix-initialization-mistake-for-nbio-7.7.0.patch
+staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
+staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
+fs-ntfs3-additional-check-in-ntfs_file_release.patch

diff --git a/queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch b/queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
new file mode 100644 (file)
index 0000000..da170f8
--- /dev/null
+++ b/queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
@@ -0,0 +1,79 @@
+From 2af04268b8207380cc14a7229a4bedb1ffe0e384 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 21 Jun 2024 15:19:53 +0200
+Subject: staging: vchiq_arm: Get the rid off struct vchiq_2835_state
+
+From: Stefan Wahren <wahrenst@gmx.net>
+
+[ Upstream commit 4e2766102da632f26341d5539519b0abf73df887 ]
+
+The whole benefit of this encapsulating struct is questionable.
+It just stores a flag to signalize the init state of vchiq_arm_state.
+Beside the fact this flag is set too soon, the access to uninitialized
+members should be avoided. So initialize vchiq_arm_state properly before
+assign it directly to vchiq_state.
+
+Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
+Link: https://lore.kernel.org/r/20240621131958.98208-6-wahrenst@gmx.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: 404b739e8955 ("staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../interface/vchiq_arm/vchiq_arm.c           | 25 +++++--------------
+ 1 file changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+index 705c5e283c27b..bb1342223ad0d 100644
+--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+@@ -115,11 +115,6 @@ struct vchiq_arm_state {
+       int first_connect;
+ };
+ 
+-struct vchiq_2835_state {
+-      int inited;
+-      struct vchiq_arm_state arm_state;
+-};
+-
+ struct vchiq_pagelist_info {
+       struct pagelist *pagelist;
+       size_t pagelist_buffer_size;
+@@ -574,29 +569,21 @@ vchiq_arm_init_state(struct vchiq_state *state,
+ int
+ vchiq_platform_init_state(struct vchiq_state *state)
+ {
+-      struct vchiq_2835_state *platform_state;
++      struct vchiq_arm_state *platform_state;
+ 
+-      state->platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
+-      if (!state->platform_state)
++      platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
++      if (!platform_state)
+               return -ENOMEM;
+ 
+-      platform_state = (struct vchiq_2835_state *)state->platform_state;
+-
+-      platform_state->inited = 1;
+-      vchiq_arm_init_state(state, &platform_state->arm_state);
++      vchiq_arm_init_state(state, platform_state);
++      state->platform_state = (struct opaque_platform_state *)platform_state;
+ 
+       return 0;
+ }
+ 
+ static struct vchiq_arm_state *vchiq_platform_get_arm_state(struct vchiq_state *state)
+ {
+-      struct vchiq_2835_state *platform_state;
+-
+-      platform_state   = (struct vchiq_2835_state *)state->platform_state;
+-
+-      WARN_ON_ONCE(!platform_state->inited);
+-
+-      return &platform_state->arm_state;
++      return (struct vchiq_arm_state *)state->platform_state;
+ }
+ 
+ void
+-- 
+2.43.0
+

diff --git a/queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch b/queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
new file mode 100644 (file)
index 0000000..40ddc67
--- /dev/null
+++ b/queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
@@ -0,0 +1,44 @@
+From c73301eceeff8d84ac5ed2539ef7f9d953f548b0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 16 Oct 2024 18:32:24 +0530
+Subject: staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
+
+From: Umang Jain <umang.jain@ideasonboard.com>
+
+[ Upstream commit 404b739e895522838f1abdc340c554654d671dde ]
+
+The struct vchiq_arm_state 'platform_state' is currently allocated
+dynamically using kzalloc(). Unfortunately, it is never freed and is
+subjected to memory leaks in the error handling paths of the probe()
+function.
+
+To address the issue, use device resource management helper
+devm_kzalloc(), to ensure cleanup after its allocation.
+
+Fixes: 71bad7f08641 ("staging: add bcm2708 vchiq driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Umang Jain <umang.jain@ideasonboard.com>
+Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
+Link: https://lore.kernel.org/r/20241016130225.61024-2-umang.jain@ideasonboard.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+index bb1342223ad0d..456a9508fb911 100644
+--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+@@ -571,7 +571,7 @@ vchiq_platform_init_state(struct vchiq_state *state)
+ {
+       struct vchiq_arm_state *platform_state;
+ 
+-      platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
++      platform_state = devm_kzalloc(state->dev, sizeof(*platform_state), GFP_KERNEL);
+       if (!platform_state)
+               return -ENOMEM;
+ 
+-- 
+2.43.0
+