6.16-stable patches

added patches:
	crypto-acomp-fix-cfi-failure-due-to-type-punning.patch

diff --git a/queue-6.16/crypto-acomp-fix-cfi-failure-due-to-type-punning.patch b/queue-6.16/crypto-acomp-fix-cfi-failure-due-to-type-punning.patch
new file mode 100644 (file)
index 0000000..c1b1a89
--- /dev/null
+++ b/queue-6.16/crypto-acomp-fix-cfi-failure-due-to-type-punning.patch
@@ -0,0 +1,60 @@
+From 962ddc5a7a4b04c007bba0f3e7298cda13c62efd Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Tue, 8 Jul 2025 17:59:54 -0700
+Subject: crypto: acomp - Fix CFI failure due to type punning
+
+From: Eric Biggers <ebiggers@kernel.org>
+
+commit 962ddc5a7a4b04c007bba0f3e7298cda13c62efd upstream.
+
+To avoid a crash when control flow integrity is enabled, make the
+workspace ("stream") free function use a consistent type, and call it
+through a function pointer that has that same type.
+
+Fixes: 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+[Giovanni: Backport to 6.16.y. Removed logic in crypto/zstd.c as commit
+f5ad93ffb541 ("crypto: zstd - convert to acomp") is not going to be
+backported to stable.]
+Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/deflate.c                    |    7 ++++++-
+ include/crypto/internal/acompress.h |    5 +----
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/crypto/deflate.c
++++ b/crypto/deflate.c
+@@ -48,9 +48,14 @@ static void *deflate_alloc_stream(void)
+       return ctx;
+ }
+ 
++static void deflate_free_stream(void *ctx)
++{
++      kvfree(ctx);
++}
++
+ static struct crypto_acomp_streams deflate_streams = {
+       .alloc_ctx = deflate_alloc_stream,
+-      .cfree_ctx = kvfree,
++      .free_ctx = deflate_free_stream,
+ };
+ 
+ static int deflate_compress_one(struct acomp_req *req,
+--- a/include/crypto/internal/acompress.h
++++ b/include/crypto/internal/acompress.h
+@@ -63,10 +63,7 @@ struct crypto_acomp_stream {
+ struct crypto_acomp_streams {
+       /* These must come first because of struct scomp_alg. */
+       void *(*alloc_ctx)(void);
+-      union {
+-              void (*free_ctx)(void *);
+-              void (*cfree_ctx)(const void *);
+-      };
++      void (*free_ctx)(void *);
+ 
+       struct crypto_acomp_stream __percpu *streams;
+       struct work_struct stream_work;

diff --git a/queue-6.16/series b/queue-6.16/series
index 3f31d99f575bcd6a8a5b5dc528055d7868f8ab64..b15d6d012232d50fc3be7ee1ed8d4c0f7a49fc5d 100644 (file)
--- a/queue-6.16/series
+++ b/queue-6.16/series
@@ -226,3 +226,4 @@ xfs-fully-decouple-xfs_ibulk-flags-from-xfs_iwalk-flags.patch
 xfs-remove-unused-label-in-xfs_dax_notify_dev_failure.patch
 erofs-fix-build-error-with-config_erofs_fs_zip_accel-y.patch
 erofs-do-not-select-tristate-symbols-from-bool-symbols.patch
+crypto-acomp-fix-cfi-failure-due-to-type-punning.patch