4.19-stable patches

added patches:
	proc-avoid-integer-type-confusion-in-get_proc_long.patch
	proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch

diff --git a/queue-4.19/proc-avoid-integer-type-confusion-in-get_proc_long.patch b/queue-4.19/proc-avoid-integer-type-confusion-in-get_proc_long.patch
new file mode 100644 (file)
index 0000000..94001e2
--- /dev/null
+++ b/queue-4.19/proc-avoid-integer-type-confusion-in-get_proc_long.patch
@@ -0,0 +1,40 @@
+From e6cfaf34be9fcd1a8285a294e18986bfc41a409c Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 5 Dec 2022 11:33:40 -0800
+Subject: proc: avoid integer type confusion in get_proc_long
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit e6cfaf34be9fcd1a8285a294e18986bfc41a409c upstream.
+
+proc_get_long() is passed a size_t, but then assigns it to an 'int'
+variable for the length.  Let's not do that, even if our IO paths are
+limited to MAX_RW_COUNT (exactly because of these kinds of type errors).
+
+So do the proper test in the rigth type.
+
+Reported-by: Kyle Zeng <zengyhkyle@gmail.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/sysctl.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -2156,13 +2156,12 @@ static int proc_get_long(char **buf, siz
+                         unsigned long *val, bool *neg,
+                         const char *perm_tr, unsigned perm_tr_len, char *tr)
+ {
+-      int len;
+       char *p, tmp[TMPBUFLEN];
++      ssize_t len = *size;
+ 
+-      if (!*size)
++      if (len <= 0)
+               return -EINVAL;
+ 
+-      len = *size;
+       if (len > TMPBUFLEN - 1)
+               len = TMPBUFLEN - 1;
+ 

diff --git a/queue-4.19/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch b/queue-4.19/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
new file mode 100644 (file)
index 0000000..62404bd
--- /dev/null
+++ b/queue-4.19/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
@@ -0,0 +1,106 @@
+From bce9332220bd677d83b19d21502776ad555a0e73 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 5 Dec 2022 12:09:06 -0800
+Subject: proc: proc_skip_spaces() shouldn't think it is working on C strings
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit bce9332220bd677d83b19d21502776ad555a0e73 upstream.
+
+proc_skip_spaces() seems to think it is working on C strings, and ends
+up being just a wrapper around skip_spaces() with a really odd calling
+convention.
+
+Instead of basing it on skip_spaces(), it should have looked more like
+proc_skip_char(), which really is the exact same function (except it
+skips a particular character, rather than whitespace).  So use that as
+inspiration, odd coding and all.
+
+Now the calling convention actually makes sense and works for the
+intended purpose.
+
+Reported-and-tested-by: Kyle Zeng <zengyhkyle@gmail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/sysctl.c |   25 +++++++++++++------------
+ 1 file changed, 13 insertions(+), 12 deletions(-)
+
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -2081,13 +2081,14 @@ int proc_dostring(struct ctl_table *tabl
+                              (char __user *)buffer, lenp, ppos);
+ }
+ 
+-static size_t proc_skip_spaces(char **buf)
++static void proc_skip_spaces(char **buf, size_t *size)
+ {
+-      size_t ret;
+-      char *tmp = skip_spaces(*buf);
+-      ret = tmp - *buf;
+-      *buf = tmp;
+-      return ret;
++      while (*size) {
++              if (!isspace(**buf))
++                      break;
++              (*size)--;
++              (*buf)++;
++      }
+ }
+ 
+ static void proc_skip_char(char **buf, size_t *size, const char v)
+@@ -2324,7 +2325,7 @@ static int __do_proc_dointvec(void *tbl_
+               bool neg;
+ 
+               if (write) {
+-                      left -= proc_skip_spaces(&p);
++                      proc_skip_spaces(&p, &left);
+ 
+                       if (!left)
+                               break;
+@@ -2355,7 +2356,7 @@ static int __do_proc_dointvec(void *tbl_
+       if (!write && !first && left && !err)
+               err = proc_put_char(&buffer, &left, '\n');
+       if (write && !err && left)
+-              left -= proc_skip_spaces(&p);
++              proc_skip_spaces(&p, &left);
+       if (write) {
+               kfree(kbuf);
+               if (first)
+@@ -2404,7 +2405,7 @@ static int do_proc_douintvec_w(unsigned
+       if (IS_ERR(kbuf))
+               return -EINVAL;
+ 
+-      left -= proc_skip_spaces(&p);
++      proc_skip_spaces(&p, &left);
+       if (!left) {
+               err = -EINVAL;
+               goto out_free;
+@@ -2424,7 +2425,7 @@ static int do_proc_douintvec_w(unsigned
+       }
+ 
+       if (!err && left)
+-              left -= proc_skip_spaces(&p);
++              proc_skip_spaces(&p, &left);
+ 
+ out_free:
+       kfree(kbuf);
+@@ -2845,7 +2846,7 @@ static int __do_proc_doulongvec_minmax(v
+               if (write) {
+                       bool neg;
+ 
+-                      left -= proc_skip_spaces(&p);
++                      proc_skip_spaces(&p, &left);
+                       if (!left)
+                               break;
+ 
+@@ -2878,7 +2879,7 @@ static int __do_proc_doulongvec_minmax(v
+       if (!write && !first && left && !err)
+               err = proc_put_char(&buffer, &left, '\n');
+       if (write && !err)
+-              left -= proc_skip_spaces(&p);
++              proc_skip_spaces(&p, &left);
+       if (write) {
+               kfree(kbuf);
+               if (first)

diff --git a/queue-4.19/series b/queue-4.19/series
index 25ba8e145ee4eefc525f7e1f2dcd24d8790cf52f..e138dfb2509982b783b96364d54182f42a595402 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -57,6 +57,8 @@ drm-amd-dc-dce120-fix-audio-register-mapping-stop-triggering-kasan.patch
 drm-amdgpu-always-register-an-mmu-notifier-for-userptr.patch
 btrfs-free-btrfs_path-before-copying-inodes-to-users.patch
 spi-spi-imx-fix-spi_bus_clk-if-requested-clock-is-hi.patch
+proc-avoid-integer-type-confusion-in-get_proc_long.patch
+proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
 kbuild-fix-wimplicit-function-declaration-in-license.patch
 iio-health-afe4403-fix-oob-read-in-afe4403_read_raw.patch
 iio-health-afe4404-fix-oob-read-in-afe4404_-read-wri.patch