From: Sasha Levin Date: Fri, 25 Oct 2024 10:20:41 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v5.15.170~47 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f5fe12a69afd081f5446cc2cfb246607ab22007d;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/jfs-fix-sanity-check-in-dbmount.patch b/queue-5.4/jfs-fix-sanity-check-in-dbmount.patch new file mode 100644 index 00000000000..eed32a45e51 --- /dev/null +++ b/queue-5.4/jfs-fix-sanity-check-in-dbmount.patch @@ -0,0 +1,35 @@ +From e82ca583a7eaca9c41c59a40b0532dafd1372f82 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 22 Oct 2024 09:40:37 -0500 +Subject: jfs: Fix sanity check in dbMount + +From: Dave Kleikamp + +[ Upstream commit 67373ca8404fe57eb1bb4b57f314cff77ce54932 ] + +MAXAG is a legitimate value for bmp->db_numag + +Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()") + +Signed-off-by: Dave Kleikamp +Signed-off-by: Sasha Levin +--- + fs/jfs/jfs_dmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c +index 01cdfe7891b94..00258a551334a 100644 +--- a/fs/jfs/jfs_dmap.c ++++ b/fs/jfs/jfs_dmap.c +@@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap) + } + + bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag); +- if (!bmp->db_numag || bmp->db_numag >= MAXAG) { ++ if (!bmp->db_numag || bmp->db_numag > MAXAG) { + err = -EINVAL; + goto err_release_metapage; + } +-- +2.43.0 + diff --git a/queue-5.4/series b/queue-5.4/series index 0532502b28b..80e37cd56ee 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -403,3 +403,5 @@ kvm-s390-gaccess-cleanup-access-to-guest-pages.patch kvm-s390-gaccess-check-if-guest-address-is-in-memslo.patch drm-vboxvideo-replace-fake-vla-at-end-of-vbva_mouse_.patch udf-fix-uninit-value-use-in-udf_get_fileshortad.patch +jfs-fix-sanity-check-in-dbmount.patch +tracing-consider-the-null-character-when-validating-.patch 
diff --git a/queue-5.4/tracing-consider-the-null-character-when-validating-.patch b/queue-5.4/tracing-consider-the-null-character-when-validating-.patch new file mode 100644 index 00000000000..5b68b17b9d6 --- /dev/null +++ b/queue-5.4/tracing-consider-the-null-character-when-validating-.patch @@ -0,0 +1,42 @@ +From a41194541871f911cc94232caceda6d5bd336901 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2024 15:47:24 +0100 +Subject: tracing: Consider the NULL character when validating the event length + +From: Leo Yan + +[ Upstream commit 0b6e2e22cb23105fcb171ab92f0f7516c69c8471 ] + +strlen() returns a string length excluding the null byte. If the string +length equals to the maximum buffer length, the buffer will have no +space for the NULL terminating character. + +This commit checks this condition and returns failure for it. + +Link: https://lore.kernel.org/all/20241007144724.920954-1-leo.yan@arm.com/ + +Fixes: dec65d79fd26 ("tracing/probe: Check event name length correctly") +Signed-off-by: Leo Yan +Reviewed-by: Steven Rostedt (Google) +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace_probe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c +index 476a685c6b6cf..0fef4bf83172c 100644 +--- a/kernel/trace/trace_probe.c ++++ b/kernel/trace/trace_probe.c +@@ -256,7 +256,7 @@ int traceprobe_parse_event_name(const char **pevent, const char **pgroup, + if (len == 0) { + trace_probe_log_err(offset, NO_EVENT_NAME); + return -EINVAL; +- } else if (len > MAX_EVENT_NAME_LEN) { ++ } else if (len >= MAX_EVENT_NAME_LEN) { + trace_probe_log_err(offset, EVENT_TOO_LONG); + return -EINVAL; + } +-- +2.43.0 +
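Review bot: In the dbMount hunk of jfs-fix-sanity-check-in-dbmount.patch, the relaxed comparison `bmp->db_numag > MAXAG` is justified only by the one-line statement that MAXAG is a legitimate value, and the Fixes: tag points at a commit titled "fix out-of-bounds in dbNextAG() and diAlloc()". The message should say why the inclusive bound is safe for those two paths, i.e. that they use db_numag as a count and not as an index, so that the backport does not appear to reopen the out-of-bounds access the earlier check was added for. A short comment above the check stating that db_numag may equal MAXAG would also keep the boundary from being tightened again by a later cleanup.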
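Review bot: In the traceprobe_parse_event_name hunk of tracing-consider-the-null-character-when-validating-.patch, the new test `len >= MAX_EVENT_NAME_LEN` makes the constant behave as a buffer size that includes the terminator, while its name still reads as the maximum name length, which is how the off-by-one was written in the first place. Please add a comment at the comparison (or at the definition of MAX_EVENT_NAME_LEN) saying that the value counts the terminating NUL, so the longest accepted name is MAX_EVENT_NAME_LEN - 1 characters. It is also worth checking any other length validation in this function against the same boundary, since only the event-name branch is visible in this hunk.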