From: Sasha Levin Date: Fri, 25 Oct 2024 10:20:40 +0000 (-0400) Subject: Fixes for 5.10 X-Git-Tag: v5.15.170~48 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aabd52976e029db714142e5fc3d619331fd76887;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.10 Signed-off-by: Sasha Levin --- diff --git a/queue-5.10/jfs-fix-sanity-check-in-dbmount.patch b/queue-5.10/jfs-fix-sanity-check-in-dbmount.patch new file mode 100644 index 00000000000..3d0303b325f --- /dev/null +++ b/queue-5.10/jfs-fix-sanity-check-in-dbmount.patch @@ -0,0 +1,35 @@ +From 2aa2a179540bc2cb22bf0f0ef4f6d77c06db7175 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 22 Oct 2024 09:40:37 -0500 +Subject: jfs: Fix sanity check in dbMount + +From: Dave Kleikamp + +[ Upstream commit 67373ca8404fe57eb1bb4b57f314cff77ce54932 ] + +MAXAG is a legitimate value for bmp->db_numag + +Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()") + +Signed-off-by: Dave Kleikamp +Signed-off-by: Sasha Levin +--- + fs/jfs/jfs_dmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c +index 8efd93992946b..559f6ebebfc0c 100644 +--- a/fs/jfs/jfs_dmap.c ++++ b/fs/jfs/jfs_dmap.c +@@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap) + } + + bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag); +- if (!bmp->db_numag || bmp->db_numag >= MAXAG) { ++ if (!bmp->db_numag || bmp->db_numag > MAXAG) { + err = -EINVAL; + goto err_release_metapage; + } +-- +2.43.0 + diff --git a/queue-5.10/series b/queue-5.10/series index bdff3ee792b..5a0a320596e 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -28,3 +28,5 @@ iomap-update-ki_pos-a-little-later-in-iomap_dio_comp.patch drm-vboxvideo-replace-fake-vla-at-end-of-vbva_mouse_.patch asoc-fsl_sai-enable-fifo-continue-on-error-fcont-bit.patch arm64-force-position-independent-veneers.patch +jfs-fix-sanity-check-in-dbmount.patch +tracing-consider-the-null-character-when-validating-.patch diff --git a/queue-5.10/tracing-consider-the-null-character-when-validating-.patch b/queue-5.10/tracing-consider-the-null-character-when-validating-.patch new file mode 100644 index 00000000000..a61257e6563 --- /dev/null +++ b/queue-5.10/tracing-consider-the-null-character-when-validating-.patch @@ -0,0 +1,42 @@ +From 0e4c77d654d19b55ecfd19ccb16aea4dae4c514b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2024 15:47:24 +0100 +Subject: tracing: Consider the NULL character when validating the event length + +From: Leo Yan + +[ Upstream commit 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 ] + +strlen() returns a string length excluding the null byte. If the string +length equals to the maximum buffer length, the buffer will have no +space for the NULL terminating character. + +This commit checks this condition and returns failure for it. + +Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/ + +Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly") +Signed-off-by: Leo Yan +Reviewed-by: Steven Rostedt (Google) +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace_probe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c +index 073abbe3866b4..1893fe5460acb 100644 +--- a/kernel/trace/trace_probe.c ++++ b/kernel/trace/trace_probe.c +@@ -256,7 +256,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup, + if (len == 0) { + trace_probe_log_err(offset, NO_EVENT_NAME); + return -EINVAL; +- } else if (len > MAX_EVENT_NAME_LEN) { ++ } else if (len >= MAX_EVENT_NAME_LEN) { + trace_probe_log_err(offset, EVENT_TOO_LONG); + return -EINVAL; + } +-- +2.43.0 +