From: Sasha Levin <sashal@kernel.org>
Date: Wed, 6 Nov 2024 01:54:07 +0000 (-0500)
Subject: Fixes for 5.4
X-Git-Tag: v4.19.323~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b77626a0ceab6917bab5bf69aaf1fdf929ca813;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-5.4/ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overfl.patch b/queue-5.4/ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overfl.patch
new file mode 100644
index 00000000000..092f09a45fb
--- /dev/null
+++ b/queue-5.4/ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overfl.patch
@@ -0,0 +1,60 @@
+From 34c4892a923cf0a91fd8cd5c6885b985a440bb95 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 16 Oct 2024 19:43:47 +0800
+Subject: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
+
+From: Edward Adam Davis <eadavis@qq.com>
+
+[ Upstream commit bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0 ]
+
+Syzbot reported a kernel BUG in ocfs2_truncate_inline.  There are two
+reasons for this: first, the parameter value passed is greater than
+ocfs2_max_inline_data_with_xattr, second, the start and end parameters of
+ocfs2_truncate_inline are "unsigned int".
+
+So, we need to add a sanity check for byte_start and byte_len right before
+ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater
+than ocfs2_max_inline_data_with_xattr return -EINVAL.
+
+Link: https://lkml.kernel.org/r/tencent_D48DB5122ADDAEDDD11918CFB68D93258C07@qq.com
+Fixes: 1afc32b95233 ("ocfs2: Write support for inline data")
+Signed-off-by: Edward Adam Davis <eadavis@qq.com>
+Reported-by: syzbot+81092778aac03460d6b7@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=81092778aac03460d6b7
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Gang He <ghe@suse.com>
+Cc: Jun Piao <piaojun@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ocfs2/file.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
+index 7294d5b3d80fe..0c62cb90d63dd 100644
+--- a/fs/ocfs2/file.c
++++ b/fs/ocfs2/file.c
+@@ -1787,6 +1787,14 @@ int ocfs2_remove_inode_range(struct inode *inode,
+ 		return 0;
+ 
+ 	if (OCFS2_I(inode)->ip_dyn_features & OCFS2_INLINE_DATA_FL) {
++		int id_count = ocfs2_max_inline_data_with_xattr(inode->i_sb, di);
++
++		if (byte_start > id_count || byte_start + byte_len > id_count) {
++			ret = -EINVAL;
++			mlog_errno(ret);
++			goto out;
++		}
++
+ 		ret = ocfs2_truncate_inline(inode, di_bh, byte_start,
+ 					    byte_start + byte_len, 0);
+ 		if (ret) {
+-- 
+2.43.0
+
diff --git a/queue-5.4/riscv-remove-unused-generating_asm_offsets.patch b/queue-5.4/riscv-remove-unused-generating_asm_offsets.patch
new file mode 100644
index 00000000000..ed9b5f51241
--- /dev/null
+++ b/queue-5.4/riscv-remove-unused-generating_asm_offsets.patch
@@ -0,0 +1,44 @@
+From ebb44f40f808fac9d7caeef87c660461b1555fa8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Oct 2024 17:41:38 +0800
+Subject: riscv: Remove unused GENERATING_ASM_OFFSETS
+
+From: Chunyan Zhang <zhangchunyan@iscas.ac.cn>
+
+[ Upstream commit 46d4e5ac6f2f801f97bcd0ec82365969197dc9b1 ]
+
+The macro is not used in the current version of kernel, it looks like
+can be removed to avoid a build warning:
+
+../arch/riscv/kernel/asm-offsets.c: At top level:
+../arch/riscv/kernel/asm-offsets.c:7: warning: macro "GENERATING_ASM_OFFSETS" is not used [-Wunused-macros]
+    7 | #define GENERATING_ASM_OFFSETS
+
+Fixes: 9639a44394b9 ("RISC-V: Provide a cleaner raw_smp_processor_id()")
+Cc: stable@vger.kernel.org
+Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Tested-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Signed-off-by: Chunyan Zhang <zhangchunyan@iscas.ac.cn>
+Link: https://lore.kernel.org/r/20241008094141.549248-2-zhangchunyan@iscas.ac.cn
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/asm-offsets.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c
+index 9f5628c38ac9f..42c69d5554e44 100644
+--- a/arch/riscv/kernel/asm-offsets.c
++++ b/arch/riscv/kernel/asm-offsets.c
+@@ -4,8 +4,6 @@
+  * Copyright (C) 2017 SiFive
+  */
+ 
+-#define GENERATING_ASM_OFFSETS
+-
+ #include <linux/kbuild.h>
+ #include <linux/sched.h>
+ #include <asm/thread_info.h>
+-- 
+2.43.0
+
diff --git a/queue-5.4/series b/queue-5.4/series
index dba5f85e0ad..3531ea4abc6 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -452,3 +452,5 @@ wifi-ath10k-fix-memory-leak-in-management-tx.patch
 wifi-iwlegacy-clear-stale-interrupts-before-resuming-device.patch
 staging-iio-frequency-ad9832-fix-division-by-zero-in-ad9832_calc_freqreg.patch
 nilfs2-fix-potential-deadlock-with-newly-created-symlinks.patch
+riscv-remove-unused-generating_asm_offsets.patch
+ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overfl.patch