i40e-fix-input-validation-logic-for-action_meta.patch
i40e-add-max-boundary-check-for-vf-filters.patch
i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch
+tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch
--- /dev/null
+From 456c32e3c4316654f95f9d49c12cbecfb77d5660 Mon Sep 17 00:00:00 2001
+From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
+Date: Fri, 19 Sep 2025 10:15:56 +0900
+Subject: tracing: dynevent: Add a missing lockdown check on dynevent
+
+From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+
+commit 456c32e3c4316654f95f9d49c12cbecfb77d5660 upstream.
+
+Since dynamic_events interface on tracefs is compatible with
+kprobe_events and uprobe_events, it should also check the lockdown
+status and reject if it is set.
+
+Link: https://lore.kernel.org/all/175824455687.45175.3734166065458520748.stgit@devnote2/
+
+Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
+Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/trace_dynevent.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/trace/trace_dynevent.c
++++ b/kernel/trace/trace_dynevent.c
+@@ -176,6 +176,10 @@ static int dyn_event_open(struct inode *
+ {
+ int ret;
+
++ ret = security_locked_down(LOCKDOWN_TRACEFS);
++ if (ret)
++ return ret;
++
+ ret = tracing_check_open_get_tr(NULL);
+ if (ret)
+ return ret;
projects / thirdparty / kernel / stable-queue.git / commitdiff
