--- /dev/null
+From 18f547f3fc074500ab5d419cf482240324e73a7e Mon Sep 17 00:00:00 2001
+From: Edward AD <twuufnxlz@gmail.com>
+Date: Tue, 10 Oct 2023 13:36:57 +0800
+Subject: Bluetooth: hci_sock: fix slab oob read in create_monitor_event
+
+From: Edward AD <twuufnxlz@gmail.com>
+
+commit 18f547f3fc074500ab5d419cf482240324e73a7e upstream.
+
+When accessing hdev->name, the actual string length should prevail
+
+Reported-by: syzbot+c90849c50ed209d77689@syzkaller.appspotmail.com
+Fixes: dcda165706b9 ("Bluetooth: hci_core: Fix build warnings")
+Signed-off-by: Edward AD <twuufnxlz@gmail.com>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/hci_sock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/bluetooth/hci_sock.c
++++ b/net/bluetooth/hci_sock.c
+@@ -439,7 +439,7 @@ static struct sk_buff *create_monitor_ev
+ ni->type = hdev->dev_type;
+ ni->bus = hdev->bus;
+ bacpy(&ni->bdaddr, &hdev->bdaddr);
+- memcpy(ni->name, hdev->name, 8);
++ memcpy(ni->name, hdev->name, strlen(hdev->name));
+
+ opcode = cpu_to_le16(HCI_MON_NEW_INDEX);
+ break;
--- /dev/null
+From bd9e54a42ce26026d67963c21b3fdfe8c7e68430 Mon Sep 17 00:00:00 2001
+From: Miguel Ojeda <ojeda@kernel.org>
+Date: Wed, 18 Oct 2023 18:01:44 +0200
+Subject: docs: rust: update Rust docs output path
+
+From: Miguel Ojeda <ojeda@kernel.org>
+
+commit bd9e54a42ce26026d67963c21b3fdfe8c7e68430 upstream.
+
+The Rust code documentation output path moved from `rust/doc` to
+`Documentation/output/rust/rustdoc`, thus update the old reference.
+
+Fixes: 48fadf440075 ("docs: Move rustdoc output, cross-reference it")
+Reviewed-by: Benno Lossin <benno.lossin@proton.me>
+Reviewed-by: Alice Ryhl <aliceryhl@google.com>
+Reviewed-by: Andreas Hindborg <a.hindborg@samsung.com>
+Link: https://lore.kernel.org/r/20231018160145.1017340-1-ojeda@kernel.org
+Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/rust/general-information.rst | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Documentation/rust/general-information.rst
++++ b/Documentation/rust/general-information.rst
+@@ -29,7 +29,7 @@ target with the same invocation used for
+
+ To read the docs locally in your web browser, run e.g.::
+
+- xdg-open rust/doc/kernel/index.html
++ xdg-open Documentation/output/rust/rustdoc/kernel/index.html
+
+ To learn about how to write the documentation, please see coding-guidelines.rst.
+
--- /dev/null
+From 1db773da58df20772dcc037a47163ce472d39c4d Mon Sep 17 00:00:00 2001
+From: Miguel Ojeda <ojeda@kernel.org>
+Date: Wed, 18 Oct 2023 18:01:45 +0200
+Subject: kbuild: remove old Rust docs output path
+
+From: Miguel Ojeda <ojeda@kernel.org>
+
+commit 1db773da58df20772dcc037a47163ce472d39c4d upstream.
+
+The Rust code documentation output path moved from `rust/doc` to
+`Documentation/output/rust/rustdoc`. The `make cleandocs` target
+takes care of cleaning it now since it is integrated with the rest
+of the documentation.
+
+Thus remove the old reference.
+
+Fixes: 48fadf440075 ("docs: Move rustdoc output, cross-reference it")
+Reviewed-by: Benno Lossin <benno.lossin@proton.me>
+Reviewed-by: Alice Ryhl <aliceryhl@google.com>
+Reviewed-by: Andreas Hindborg <a.hindborg@samsung.com>
+Link: https://lore.kernel.org/r/20231018160145.1017340-2-ojeda@kernel.org
+Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -1595,7 +1595,7 @@ endif
+ # Directories & files removed with 'make clean'
+ CLEAN_FILES += include/ksym vmlinux.symvers modules-only.symvers \
+ modules.builtin modules.builtin.modinfo modules.nsdeps \
+- compile_commands.json .thinlto-cache rust/test rust/doc \
++ compile_commands.json .thinlto-cache rust/test \
+ rust-project.json .vmlinux.objs .vmlinux.export.c
+
+ # Directories & files removed with 'make mrproper'
--- /dev/null
+From f2ac54ebf85615a6d78f5eb213a8bbeeb17ebe5d Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Wed, 11 Oct 2023 16:55:10 +0200
+Subject: net: rfkill: reduce data->mtx scope in rfkill_fop_open
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit f2ac54ebf85615a6d78f5eb213a8bbeeb17ebe5d upstream.
+
+In syzbot runs, lockdep reports that there's a (potential)
+deadlock here of data->mtx being locked recursively. This
+isn't really a deadlock since they are different instances,
+but lockdep cannot know, and teaching it would be far more
+difficult than other fixes.
+
+At the same time we don't even really _need_ the mutex to
+be locked in rfkill_fop_open(), since we're modifying only
+a completely fresh instance of 'data' (struct rfkill_data)
+that's not yet added to the global list.
+
+However, to avoid any reordering etc. within the globally
+locked section, and to make the code look more symmetric,
+we should still lock the data->events list manipulation,
+but also need to lock _only_ that. So do that.
+
+Reported-by: syzbot+509238e523e032442b80@syzkaller.appspotmail.com
+Fixes: 2c3dfba4cf84 ("rfkill: sync before userspace visibility/changes")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/rfkill/core.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/net/rfkill/core.c
++++ b/net/rfkill/core.c
+@@ -1180,7 +1180,6 @@ static int rfkill_fop_open(struct inode
+ init_waitqueue_head(&data->read_wait);
+
+ mutex_lock(&rfkill_global_mutex);
+- mutex_lock(&data->mtx);
+ /*
+ * start getting events from elsewhere but hold mtx to get
+ * startup events added first
+@@ -1192,10 +1191,11 @@ static int rfkill_fop_open(struct inode
+ goto free;
+ rfkill_sync(rfkill);
+ rfkill_fill_event(&ev->ev, rfkill, RFKILL_OP_ADD);
++ mutex_lock(&data->mtx);
+ list_add_tail(&ev->list, &data->events);
++ mutex_unlock(&data->mtx);
+ }
+ list_add(&data->list, &rfkill_fds);
+- mutex_unlock(&data->mtx);
+ mutex_unlock(&rfkill_global_mutex);
+
+ file->private_data = data;
+@@ -1203,7 +1203,6 @@ static int rfkill_fop_open(struct inode
+ return stream_open(inode, file);
+
+ free:
+- mutex_unlock(&data->mtx);
+ mutex_unlock(&rfkill_global_mutex);
+ mutex_destroy(&data->mtx);
+ list_for_each_entry_safe(ev, tmp, &data->events, list)
phy-qcom-qmp-combo-initialize-pcs_usb-registers.patch
efi-unaccepted-fix-soft-lockups-caused-by-parallel-m.patch
net-move-altnames-together-with-the-netdevice.patch
+bluetooth-hci_sock-fix-slab-oob-read-in-create_monitor_event.patch
+net-rfkill-reduce-data-mtx-scope-in-rfkill_fop_open.patch
+docs-rust-update-rust-docs-output-path.patch
+kbuild-remove-old-rust-docs-output-path.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
