Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.4/jfs-fix-sanity-check-in-dbmount.patch b/queue-5.4/jfs-fix-sanity-check-in-dbmount.patch
new file mode 100644 (file)
index 0000000..eed32a4
--- /dev/null
+++ b/queue-5.4/jfs-fix-sanity-check-in-dbmount.patch
@@ -0,0 +1,35 @@
+From e82ca583a7eaca9c41c59a40b0532dafd1372f82 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 22 Oct 2024 09:40:37 -0500
+Subject: jfs: Fix sanity check in dbMount
+
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+
+[ Upstream commit 67373ca8404fe57eb1bb4b57f314cff77ce54932 ]
+
+MAXAG is a legitimate value for bmp->db_numag
+
+Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")
+
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/jfs/jfs_dmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
+index 01cdfe7891b94..00258a551334a 100644
+--- a/fs/jfs/jfs_dmap.c
++++ b/fs/jfs/jfs_dmap.c
+@@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap)
+       }
+ 
+       bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
+-      if (!bmp->db_numag || bmp->db_numag >= MAXAG) {
++      if (!bmp->db_numag || bmp->db_numag > MAXAG) {
+               err = -EINVAL;
+               goto err_release_metapage;
+       }
+-- 
+2.43.0
+

diff --git a/queue-5.4/series b/queue-5.4/series
index 0532502b28b5814e6b0168c7d8e792257283e2af..80e37cd56ee7da3d52d1c58e0856ff967c2f2f41 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -403,3 +403,5 @@ kvm-s390-gaccess-cleanup-access-to-guest-pages.patch
 kvm-s390-gaccess-check-if-guest-address-is-in-memslo.patch
 drm-vboxvideo-replace-fake-vla-at-end-of-vbva_mouse_.patch
 udf-fix-uninit-value-use-in-udf_get_fileshortad.patch
+jfs-fix-sanity-check-in-dbmount.patch
+tracing-consider-the-null-character-when-validating-.patch

diff --git a/queue-5.4/tracing-consider-the-null-character-when-validating-.patch b/queue-5.4/tracing-consider-the-null-character-when-validating-.patch
new file mode 100644 (file)
index 0000000..5b68b17
--- /dev/null
+++ b/queue-5.4/tracing-consider-the-null-character-when-validating-.patch
@@ -0,0 +1,42 @@
+From a41194541871f911cc94232caceda6d5bd336901 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 7 Oct 2024 15:47:24 +0100
+Subject: tracing: Consider the NULL character when validating the event length
+
+From: Leo Yan <leo.yan@arm.com>
+
+[ Upstream commit 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 ]
+
+strlen() returns a string length excluding the null byte. If the string
+length equals to the maximum buffer length, the buffer will have no
+space for the NULL terminating character.
+
+This commit checks this condition and returns failure for it.
+
+Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/
+
+Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly")
+Signed-off-by: Leo Yan <leo.yan@arm.com>
+Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace_probe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
+index 476a685c6b6cf..0fef4bf83172c 100644
+--- a/kernel/trace/trace_probe.c
++++ b/kernel/trace/trace_probe.c
+@@ -256,7 +256,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup,
+       if (len == 0) {
+               trace_probe_log_err(offset, NO_EVENT_NAME);
+               return -EINVAL;
+-      } else if (len > MAX_EVENT_NAME_LEN) {
++      } else if (len >= MAX_EVENT_NAME_LEN) {
+               trace_probe_log_err(offset, EVENT_TOO_LONG);
+               return -EINVAL;
+       }
+-- 
+2.43.0
+