6.8-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 1 Apr 2024 08:58:06 +0000 (10:58 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 1 Apr 2024 08:58:06 +0000 (10:58 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 1 Apr 2024 08:58:06 +0000 (10:58 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 1 Apr 2024 08:58:06 +0000 (10:58 +0200)
diff --git a/queue-6.8/series b/queue-6.8/series

index b49ecb2bb864a8cd27de1418d82b61a667607f46..af0c0b1e6c7949d38d3dd8046f4c9ef2ae223ec1 100644 (file)
--- a/queue-6.8/series
+++ b/queue-6.8/series
@@ -351,3 +351,5 @@ scsi-ufs-qcom-provide-default-cycles_in_1us-value.patch
  scsi-sd-fix-tcg-opal-unlock-on-system-resume.patch
  scsi-sg-avoid-sg-device-teardown-race.patch
  scsi-core-fix-unremoved-procfs-host-directory-regression.patch
+staging-vc04_services-changen-strncpy-to-strscpy_pad.patch
+staging-vc04_services-fix-information-leak-in-create_component.patch
diff --git a/queue-6.8/staging-vc04_services-changen-strncpy-to-strscpy_pad.patch b/queue-6.8/staging-vc04_services-changen-strncpy-to-strscpy_pad.patch

new file mode 100644 (file)

index 0000000..0e7128e
--- /dev/null
+++ b/queue-6.8/staging-vc04_services-changen-strncpy-to-strscpy_pad.patch
@@ -0,0 +1,42 @@
+From ef25725b7f8aaffd7756974d3246ec44fae0a5cf Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Wed, 13 Mar 2024 17:36:56 +0100
+Subject: staging: vc04_services: changen strncpy() to strscpy_pad()
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit ef25725b7f8aaffd7756974d3246ec44fae0a5cf upstream.
+
+gcc-14 warns about this strncpy() that results in a non-terminated
+string for an overflow:
+
+In file included from include/linux/string.h:369,
+                 from drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c:20:
+In function 'strncpy',
+    inlined from 'create_component' at drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c:940:2:
+include/linux/fortify-string.h:108:33: error: '__builtin_strncpy' specified bound 128 equals destination size [-Werror=stringop-truncation]
+
+Change it to strscpy_pad(), which produces a properly terminated and
+zero-padded string.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
+Link: https://lore.kernel.org/r/20240313163712.224585-1-arnd@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
++++ b/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
+@@ -937,8 +937,8 @@ static int create_component(struct vchiq
+       /* build component create message */
+       m.h.type = MMAL_MSG_TYPE_COMPONENT_CREATE;
+       m.u.component_create.client_component = component->client_component;
+-      strncpy(m.u.component_create.name, name,
+-              sizeof(m.u.component_create.name));
++      strscpy_pad(m.u.component_create.name, name,
++                  sizeof(m.u.component_create.name));
+ 
+       ret = send_synchronous_mmal_msg(instance, &m,
+                                       sizeof(m.u.component_create),
diff --git a/queue-6.8/staging-vc04_services-fix-information-leak-in-create_component.patch b/queue-6.8/staging-vc04_services-fix-information-leak-in-create_component.patch

new file mode 100644 (file)

index 0000000..2901b70
--- /dev/null
+++ b/queue-6.8/staging-vc04_services-fix-information-leak-in-create_component.patch
@@ -0,0 +1,33 @@
+From f37e76abd614b68987abc8e5c22d986013349771 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@linaro.org>
+Date: Wed, 13 Mar 2024 21:07:43 +0300
+Subject: staging: vc04_services: fix information leak in create_component()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+commit f37e76abd614b68987abc8e5c22d986013349771 upstream.
+
+The m.u.component_create.pid field is for debugging and in the mainline
+kernel it's not used anything.  However, it still needs to be set to
+something to prevent disclosing uninitialized stack data.  Set it to
+zero.
+
+Fixes: 7b3ad5abf027 ("staging: Import the BCM2835 MMAL-based V4L2 camera driver.")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Link: https://lore.kernel.org/r/2d972847-9ebd-481b-b6f9-af390f5aabd3@moroto.mountain
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
++++ b/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
+@@ -939,6 +939,7 @@ static int create_component(struct vchiq
+       m.u.component_create.client_component = component->client_component;
+       strscpy_pad(m.u.component_create.name, name,
+                   sizeof(m.u.component_create.name));
++      m.u.component_create.pid = 0;
+ 
+       ret = send_synchronous_mmal_msg(instance, &m,
+                                       sizeof(m.u.component_create),
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 1 Apr 2024 08:58:06 +0000 (10:58 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 1 Apr 2024 08:58:06 +0000 (10:58 +0200)
queue-6.8/series		patch \| blob \| blame \| history
queue-6.8/staging-vc04_services-changen-strncpy-to-strscpy_pad.patch	[new file with mode: 0644]	patch \| blob
queue-6.8/staging-vc04_services-fix-information-leak-in-create_component.patch	[new file with mode: 0644]	patch \| blob