From: Greg Kroah-Hartman Date: Wed, 19 Oct 2022 06:36:21 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v6.0.3~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d2b51fd1eb8237fac2b6d9d2c53f630bbbb442fa;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: md-replace-snprintf-with-scnprintf.patch --- diff --git a/queue-4.14/can-rx-offload-can_rx_offload_init_queue-fix-typo.patch b/queue-4.14/can-rx-offload-can_rx_offload_init_queue-fix-typo.patch deleted file mode 100644 index aeff46ee6e2..00000000000 --- a/queue-4.14/can-rx-offload-can_rx_offload_init_queue-fix-typo.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 49797b312666f40bdfa38db832f4885ca9c76ef3 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 10 Aug 2022 21:38:00 +0200 -Subject: can: rx-offload: can_rx_offload_init_queue(): fix typo -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Marc Kleine-Budde - -[ Upstream commit 766108d91246530d31b42765046f7ec2d1e42581 ] - -Fix typo "rounted" -> "rounded". - -Link: https://lore.kernel.org/all/20220811093617.1861938-2-mkl@pengutronix.de -Fixes: d254586c3453 ("can: rx-offload: Add support for HW fifo based irq offloading") -Reported-by: Uwe Kleine-König -Signed-off-by: Marc Kleine-Budde -Signed-off-by: Sasha Levin ---- - drivers/net/can/rx-offload.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/net/can/rx-offload.c b/drivers/net/can/rx-offload.c -index a04680183066..cd6690793992 100644 ---- a/drivers/net/can/rx-offload.c -+++ b/drivers/net/can/rx-offload.c -@@ -341,7 +341,7 @@ static int can_rx_offload_init_queue(struct net_device *dev, struct can_rx_offlo - { - offload->dev = dev; - -- /* Limit queue len to 4x the weight (rounted to next power of two) */ -+ /* Limit queue len to 4x the weight (rounded to next power of two) */ - offload->skb_queue_len_max = 2 << fls(weight); - offload->skb_queue_len_max *= 4; - skb_queue_head_init(&offload->skb_queue); --- -2.35.1 - diff --git a/queue-4.14/md-replace-snprintf-with-scnprintf.patch b/queue-4.14/md-replace-snprintf-with-scnprintf.patch new file mode 100644 index 00000000000..f941b845b2a --- /dev/null +++ b/queue-4.14/md-replace-snprintf-with-scnprintf.patch @@ -0,0 +1,68 @@ +From 1727fd5015d8f93474148f94e34cda5aa6ad4a43 Mon Sep 17 00:00:00 2001 +From: Saurabh Sengar +Date: Tue, 23 Aug 2022 11:51:04 -0700 +Subject: md: Replace snprintf with scnprintf +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Saurabh Sengar + +commit 1727fd5015d8f93474148f94e34cda5aa6ad4a43 upstream. + +Current code produces a warning as shown below when total characters +in the constituent block device names plus the slashes exceeds 200. +snprintf() returns the number of characters generated from the given +input, which could cause the expression “200 – len” to wrap around +to a large positive number. Fix this by using scnprintf() instead, +which returns the actual number of characters written into the buffer. + +[ 1513.267938] ------------[ cut here ]------------ +[ 1513.267943] WARNING: CPU: 15 PID: 37247 at /lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510 +[ 1513.267944] Modules linked in: +[ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu +[ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 +[ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510 +<-snip-> +[ 1513.267982] Call Trace: +[ 1513.267986] snprintf+0x45/0x70 +[ 1513.267990] ? disk_name+0x71/0xa0 +[ 1513.267993] dump_zones+0x114/0x240 [raid0] +[ 1513.267996] ? _cond_resched+0x19/0x40 +[ 1513.267998] raid0_run+0x19e/0x270 [raid0] +[ 1513.268000] md_run+0x5e0/0xc50 +[ 1513.268003] ? security_capable+0x3f/0x60 +[ 1513.268005] do_md_run+0x19/0x110 +[ 1513.268006] md_ioctl+0x195e/0x1f90 +[ 1513.268007] blkdev_ioctl+0x91f/0x9f0 +[ 1513.268010] block_ioctl+0x3d/0x50 +[ 1513.268012] do_vfs_ioctl+0xa9/0x640 +[ 1513.268014] ? __fput+0x162/0x260 +[ 1513.268016] ksys_ioctl+0x75/0x80 +[ 1513.268017] __x64_sys_ioctl+0x1a/0x20 +[ 1513.268019] do_syscall_64+0x5e/0x200 +[ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Fixes: 766038846e875 ("md/raid0: replace printk() with pr_*()") +Reviewed-by: Michael Kelley +Acked-by: Guoqing Jiang +Signed-off-by: Saurabh Sengar +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/raid0.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/md/raid0.c ++++ b/drivers/md/raid0.c +@@ -70,8 +70,8 @@ static void dump_zones(struct mddev *mdd + int len = 0; + + for (k = 0; k < conf->strip_zone[j].nb_dev; k++) +- len += snprintf(line+len, 200-len, "%s%s", k?"/":"", +- bdevname(conf->devlist[j*raid_disks ++ len += scnprintf(line+len, 200-len, "%s%s", k?"/":"", ++ bdevname(conf->devlist[j*raid_disks + + k]->bdev, b)); + pr_debug("md: zone%d=[%s]\n", j, line); + diff --git a/queue-4.14/series b/queue-4.14/series index 6a3413f1e95..2d7432b8dc8 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -83,7 +83,6 @@ wifi-mac80211-allow-bw-change-during-channel-switch-.patch wifi-rtl8xxxu-tighten-bounds-checking-in-rtl8xxxu_re.patch spi-qup-add-missing-clk_disable_unprepare-on-error-i.patch spi-qup-add-missing-clk_disable_unprepare-on-error-i.patch-11200 -can-rx-offload-can_rx_offload_init_queue-fix-typo.patch wifi-rtl8xxxu-fix-skb-misuse-in-tx-queue-selection.patch wifi-rtl8xxxu-gen2-fix-mistake-in-path-b-iq-calibrat.patch net-fs_enet-fix-wrong-check-in-do_pd_setup.patch @@ -210,3 +209,4 @@ perf-intel-pt-fix-segfault-in-intel_pt_print_info-with-uclibc.patch net-ieee802154-return-einval-for-unknown-addr-type.patch net-ieee802154-don-t-warn-zero-sized-raw_sendmsg.patch ext4-continue-to-expand-file-system-when-the-target-size-doesn-t-reach.patch +md-replace-snprintf-with-scnprintf.patch