From 2c82716163ac74dcebc137938b2098ed745a53ca Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Mon, 18 Nov 2024 09:35:47 -0500
Subject: [PATCH] Fixes for 6.1
Signed-off-by: Sasha Levin
---
...dditional-check-in-ntfs_file_release.patch | 43 ++++++++++
queue-6.1/series | 3 +
...m-get-the-rid-off-struct-vchiq_2835_.patch | 79 +++++++++++++++++++
...m-use-devm_kzalloc-for-vchiq_arm_sta.patch | 44 +++++++++++
4 files changed, 169 insertions(+)
create mode 100644 queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch
create mode 100644 queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
create mode 100644 queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
diff --git a/queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch b/queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch
new file mode 100644
index 00000000000..6d670bcd4d0
--- /dev/null
+++ b/queue-6.1/fs-ntfs3-additional-check-in-ntfs_file_release.patch
@@ -0,0 +1,43 @@
+From 75f4913c810721cf821d01389e68f696565ca164 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 18 Nov 2024 10:26:50 +0800
+Subject: fs/ntfs3: Additional check in ntfs_file_release
+
+From: Konstantin Komarov
+
+[ Upstream commit 031d6f608290c847ba6378322d0986d08d1a645a ]
+
+Reported-by: syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com
+Signed-off-by: Konstantin Komarov
+Signed-off-by: Bin Lan
+Signed-off-by: Sasha Levin
+---
+ fs/ntfs3/file.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
+index aedd4f5f459e6..70b38465aee36 100644
+--- a/fs/ntfs3/file.c
++++ b/fs/ntfs3/file.c
+@@ -1214,8 +1214,16 @@ static int ntfs_file_release(struct inode *inode, struct file *file)
+ int err = 0;
+
+ /* If we are last writer on the inode, drop the block reservation. */
+- if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) &&
+- atomic_read(&inode->i_writecount) == 1)) {
++ if (sbi->options->prealloc &&
++ ((file->f_mode & FMODE_WRITE) &&
++ atomic_read(&inode->i_writecount) == 1)
++ /*
++ * The only file when inode->i_fop = &ntfs_file_operations and
++ * init_rwsem(&ni->file.run_lock) is not called explicitly is MFT.
++ *
++ * Add additional check here.
++ */
++ && inode->i_ino != MFT_REC_MFT) {
+ ni_lock(ni);
+ down_write(&ni->file.run_lock);
+
+--
+2.43.0
+
diff --git a/queue-6.1/series b/queue-6.1/series
index 17a9e5ae1c5..5fbb9bb2ac1 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -31,3 +31,6 @@ revert-mmc-dw_mmc-fix-idmac-operation-with-pages-bigger-than-4k.patch
 mmc-sunxi-mmc-fix-a100-compatible-description.patch
 drm-bridge-tc358768-fix-dsi-command-tx.patch
 drm-amd-fix-initialization-mistake-for-nbio-7.7.0.patch
+staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
+staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
+fs-ntfs3-additional-check-in-ntfs_file_release.patch
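Review bot: The block comment added inside the `if` condition of ntfs_file_release ends with "Add additional check here" and never states what fails without the check. Going by the comment's own wording, the MFT inode never gets `init_rwsem(&ni->file.run_lock)`, so the `down_write(&ni->file.run_lock)` in the body would apparently act on an uninitialised semaphore. I would say that directly and move the comment above the `if`, e.g. `/* MFT's run_lock is never initialised: skip it so down_write() is not called on it. */`. The patch description carries only the syzbot Reported-by tag, so this comment is the only record of the reasoning. ntfs_file_release starts and ends outside the hunk.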
diff --git a/queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch b/queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
new file mode 100644
index 00000000000..da170f8af62
--- /dev/null
+++ b/queue-6.1/staging-vchiq_arm-get-the-rid-off-struct-vchiq_2835_.patch
@@ -0,0 +1,79 @@
+From 2af04268b8207380cc14a7229a4bedb1ffe0e384 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 21 Jun 2024 15:19:53 +0200
+Subject: staging: vchiq_arm: Get the rid off struct vchiq_2835_state
+
+From: Stefan Wahren
+
+[ Upstream commit 4e2766102da632f26341d5539519b0abf73df887 ]
+
+The whole benefit of this encapsulating struct is questionable.
+It just stores a flag to signalize the init state of vchiq_arm_state.
+Beside the fact this flag is set too soon, the access to uninitialized
+members should be avoided. So initialize vchiq_arm_state properly before
+assign it directly to vchiq_state.
+
+Signed-off-by: Stefan Wahren
+Link: https://lore.kernel.org/r/20240621131958.98208-6-wahrenst@gmx.net
+Signed-off-by: Greg Kroah-Hartman
+Stable-dep-of: 404b739e8955 ("staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation")
+Signed-off-by: Sasha Levin
+---
+ .../interface/vchiq_arm/vchiq_arm.c | 25 +++++--------------
+ 1 file changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+index 705c5e283c27b..bb1342223ad0d 100644
+--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+@@ -115,11 +115,6 @@ struct vchiq_arm_state {
+ int first_connect;
+ };
+
+-struct vchiq_2835_state {
+- int inited;
+- struct vchiq_arm_state arm_state;
+-};
+-
+ struct vchiq_pagelist_info {
+ struct pagelist *pagelist;
+ size_t pagelist_buffer_size;
+@@ -574,29 +569,21 @@ vchiq_arm_init_state(struct vchiq_state *state,
+ int
+ vchiq_platform_init_state(struct vchiq_state *state)
+ {
+- struct vchiq_2835_state *platform_state;
++ struct vchiq_arm_state *platform_state;
+
+- state->platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
+- if (!state->platform_state)
++ platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
++ if (!platform_state)
+ return -ENOMEM;
+
+- platform_state = (struct vchiq_2835_state *)state->platform_state;
+-
+- platform_state->inited = 1;
+- vchiq_arm_init_state(state, &platform_state->arm_state);
++ vchiq_arm_init_state(state, platform_state);
++ state->platform_state = (struct opaque_platform_state *)platform_state;
+
+ return 0;
+ }
+
+ static struct vchiq_arm_state *vchiq_platform_get_arm_state(struct vchiq_state *state)
+ {
+- struct vchiq_2835_state *platform_state;
+-
+- platform_state = (struct vchiq_2835_state *)state->platform_state;
+-
+- WARN_ON_ONCE(!platform_state->inited);
+-
+- return &platform_state->arm_state;
++ return (struct vchiq_arm_state *)state->platform_state;
+ }
+
+ void
+--
+2.43.0
+
diff --git a/queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch b/queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
new file mode 100644
index 00000000000..40ddc6701bd
--- /dev/null
+++ b/queue-6.1/staging-vchiq_arm-use-devm_kzalloc-for-vchiq_arm_sta.patch
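Review bot: With the `inited` flag and `WARN_ON_ONCE(!platform_state->inited)` gone, `vchiq_platform_get_arm_state()` returns `state->platform_state` cast as-is, so it yields NULL whenever `vchiq_platform_init_state()` has not run or has returned -ENOMEM. The callers of the getter are outside this hunk, so whether any of them can run in that window cannot be confirmed from here. A comment on the getter would record the precondition, e.g. `/* Valid only after vchiq_platform_init_state() succeeded; NULL before that. */`. The return value of `vchiq_arm_init_state()` is not used in the new code; its full signature is not visible in the hunk, so confirm it cannot fail before `state->platform_state` is published.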
@@ -0,0 +1,44 @@
+From c73301eceeff8d84ac5ed2539ef7f9d953f548b0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 16 Oct 2024 18:32:24 +0530
+Subject: staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation
+
+From: Umang Jain
+
+[ Upstream commit 404b739e895522838f1abdc340c554654d671dde ]
+
+The struct vchiq_arm_state 'platform_state' is currently allocated
+dynamically using kzalloc(). Unfortunately, it is never freed and is
+subjected to memory leaks in the error handling paths of the probe()
+function.
+
+To address the issue, use device resource management helper
+devm_kzalloc(), to ensure cleanup after its allocation.
+
+Fixes: 71bad7f08641 ("staging: add bcm2708 vchiq driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Umang Jain
+Reviewed-by: Dan Carpenter
+Link: https://lore.kernel.org/r/20241016130225.61024-2-umang.jain@ideasonboard.com
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Sasha Levin
+---
+ drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+index bb1342223ad0d..456a9508fb911 100644
+--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+@@ -571,7 +571,7 @@ vchiq_platform_init_state(struct vchiq_state *state)
+ {
+ struct vchiq_arm_state *platform_state;
+
+- platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL);
++ platform_state = devm_kzalloc(state->dev, sizeof(*platform_state), GFP_KERNEL);
+ if (!platform_state)
+ return -ENOMEM;
+
+--
+2.43.0
+
--
2.47.2
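Review bot: Switching to `devm_kzalloc(state->dev, ...)` ties the lifetime of `platform_state` to the device, which is sound only if `state->dev` is already assigned when `vchiq_platform_init_state()` runs and nothing dereferences `state->platform_state` after the device is unbound. Neither is visible in this hunk: the assignment of `state->dev` and any threads or callbacks that reach the arm state live elsewhere in vchiq_arm.c, so for this backport they are worth checking against the 6.1 tree rather than upstream. If such a long-lived user exists, the devres release would turn the former leak into a use-after-free. A comment at the allocation, e.g. `/* devm-managed: released with state->dev, must not be kfree()d */`, would also keep a later cleanup path from freeing it twice.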