Fixes for 5.10

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.10/jfs-fix-sanity-check-in-dbmount.patch b/queue-5.10/jfs-fix-sanity-check-in-dbmount.patch
new file mode 100644 (file)
index 0000000..3d0303b
--- /dev/null
+++ b/queue-5.10/jfs-fix-sanity-check-in-dbmount.patch
@@ -0,0 +1,35 @@
+From 2aa2a179540bc2cb22bf0f0ef4f6d77c06db7175 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 22 Oct 2024 09:40:37 -0500
+Subject: jfs: Fix sanity check in dbMount
+
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+
+[ Upstream commit 67373ca8404fe57eb1bb4b57f314cff77ce54932 ]
+
+MAXAG is a legitimate value for bmp->db_numag
+
+Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")
+
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/jfs/jfs_dmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
+index 8efd93992946b..559f6ebebfc0c 100644
+--- a/fs/jfs/jfs_dmap.c
++++ b/fs/jfs/jfs_dmap.c
+@@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap)
+       }
+ 
+       bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
+-      if (!bmp->db_numag || bmp->db_numag >= MAXAG) {
++      if (!bmp->db_numag || bmp->db_numag > MAXAG) {
+               err = -EINVAL;
+               goto err_release_metapage;
+       }
+-- 
+2.43.0
+

diff --git a/queue-5.10/series b/queue-5.10/series
index bdff3ee792bf21320a75dab46c0e0c93474b9e94..5a0a320596e095fe7a0ae1ffbbab0ee74a31eb9a 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -28,3 +28,5 @@ iomap-update-ki_pos-a-little-later-in-iomap_dio_comp.patch
 drm-vboxvideo-replace-fake-vla-at-end-of-vbva_mouse_.patch
 asoc-fsl_sai-enable-fifo-continue-on-error-fcont-bit.patch
 arm64-force-position-independent-veneers.patch
+jfs-fix-sanity-check-in-dbmount.patch
+tracing-consider-the-null-character-when-validating-.patch

diff --git a/queue-5.10/tracing-consider-the-null-character-when-validating-.patch b/queue-5.10/tracing-consider-the-null-character-when-validating-.patch
new file mode 100644 (file)
index 0000000..a61257e
--- /dev/null
+++ b/queue-5.10/tracing-consider-the-null-character-when-validating-.patch
@@ -0,0 +1,42 @@
+From 0e4c77d654d19b55ecfd19ccb16aea4dae4c514b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 7 Oct 2024 15:47:24 +0100
+Subject: tracing: Consider the NULL character when validating the event length
+
+From: Leo Yan <leo.yan@arm.com>
+
+[ Upstream commit 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 ]
+
+strlen() returns a string length excluding the null byte. If the string
+length equals to the maximum buffer length, the buffer will have no
+space for the NULL terminating character.
+
+This commit checks this condition and returns failure for it.
+
+Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/
+
+Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly")
+Signed-off-by: Leo Yan <leo.yan@arm.com>
+Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace_probe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
+index 073abbe3866b4..1893fe5460acb 100644
+--- a/kernel/trace/trace_probe.c
++++ b/kernel/trace/trace_probe.c
+@@ -256,7 +256,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup,
+       if (len == 0) {
+               trace_probe_log_err(offset, NO_EVENT_NAME);
+               return -EINVAL;
+-      } else if (len > MAX_EVENT_NAME_LEN) {
++      } else if (len >= MAX_EVENT_NAME_LEN) {
+               trace_probe_log_err(offset, EVENT_TOO_LONG);
+               return -EINVAL;
+       }
+-- 
+2.43.0
+