From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 29 Sep 2025 11:46:09 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v5.4.300~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be51f20c48524f5b6badda6bd1370b7d55025c1a;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch
---

diff --git a/queue-5.10/series b/queue-5.10/series
index 5a41271fac..951367b52a 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -111,3 +111,4 @@ i40e-fix-idx-validation-in-i40e_validate_queue_map.patch
 i40e-fix-input-validation-logic-for-action_meta.patch
 i40e-add-max-boundary-check-for-vf-filters.patch
 i40e-add-mask-to-apply-valid-bits-for-itr_idx.patch
+tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch
diff --git a/queue-5.10/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch b/queue-5.10/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch
new file mode 100644
index 0000000000..181608c3fc
--- /dev/null
+++ b/queue-5.10/tracing-dynevent-add-a-missing-lockdown-check-on-dynevent.patch
@@ -0,0 +1,36 @@
+From 456c32e3c4316654f95f9d49c12cbecfb77d5660 Mon Sep 17 00:00:00 2001
+From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
+Date: Fri, 19 Sep 2025 10:15:56 +0900
+Subject: tracing: dynevent: Add a missing lockdown check on dynevent
+
+From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+
+commit 456c32e3c4316654f95f9d49c12cbecfb77d5660 upstream.
+
+Since dynamic_events interface on tracefs is compatible with
+kprobe_events and uprobe_events, it should also check the lockdown
+status and reject if it is set.
+
+Link: https://lore.kernel.org/all/175824455687.45175.3734166065458520748.stgit@devnote2/
+
+Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
+Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/trace_dynevent.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/trace/trace_dynevent.c
++++ b/kernel/trace/trace_dynevent.c
+@@ -176,6 +176,10 @@ static int dyn_event_open(struct inode *
+ {
+ 	int ret;
+ 
++	ret = security_locked_down(LOCKDOWN_TRACEFS);
++	if (ret)
++		return ret;
++
+ 	ret = tracing_check_open_get_tr(NULL);
+ 	if (ret)
+ 		return ret;