5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 6 Dec 2022 11:36:55 +0000 (12:36 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 6 Dec 2022 11:36:55 +0000 (12:36 +0100)
added patches:
proc-avoid-integer-type-confusion-in-get_proc_long.patch
proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch

queue-5.10/proc-avoid-integer-type-confusion-in-get_proc_long.patch [new file with mode: 0644]
queue-5.10/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/proc-avoid-integer-type-confusion-in-get_proc_long.patch b/queue-5.10/proc-avoid-integer-type-confusion-in-get_proc_long.patch
new file mode 100644 (file)
index 0000000..bf60b6f
--- /dev/null
@@ -0,0 +1,40 @@
+From e6cfaf34be9fcd1a8285a294e18986bfc41a409c Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 5 Dec 2022 11:33:40 -0800
+Subject: proc: avoid integer type confusion in get_proc_long
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit e6cfaf34be9fcd1a8285a294e18986bfc41a409c upstream.
+
+proc_get_long() is passed a size_t, but then assigns it to an 'int'
+variable for the length.  Let's not do that, even if our IO paths are
+limited to MAX_RW_COUNT (exactly because of these kinds of type errors).
+
+So do the proper test in the rigth type.
+
+Reported-by: Kyle Zeng <zengyhkyle@gmail.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/sysctl.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -466,13 +466,12 @@ static int proc_get_long(char **buf, siz
+                         unsigned long *val, bool *neg,
+                         const char *perm_tr, unsigned perm_tr_len, char *tr)
+ {
+-      int len;
+       char *p, tmp[TMPBUFLEN];
++      ssize_t len = *size;
+-      if (!*size)
++      if (len <= 0)
+               return -EINVAL;
+-      len = *size;
+       if (len > TMPBUFLEN - 1)
+               len = TMPBUFLEN - 1;
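Review bot: In the embedded kernel/sysctl.c hunk, `ssize_t len = *size;` converts an unsigned size_t into a signed type, so the `len <= 0` guard does two jobs: it rejects an empty buffer and it rejects any size too large for ssize_t, which shows up as a negative value. That second role is what keeps an oversized count from slipping past the `TMPBUFLEN - 1` clamp as a negative length, but nothing in the code says so. I would add a comment above the check, e.g. `/* *size is a size_t: values that do not fit in ssize_t appear negative here and are rejected */`. The body of proc_get_long() continues past the end of the hunk, so how len is consumed afterwards is not visible here.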
diff --git a/queue-5.10/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch b/queue-5.10/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
new file mode 100644 (file)
index 0000000..d99a9c8
--- /dev/null
@@ -0,0 +1,106 @@
+From bce9332220bd677d83b19d21502776ad555a0e73 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 5 Dec 2022 12:09:06 -0800
+Subject: proc: proc_skip_spaces() shouldn't think it is working on C strings
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit bce9332220bd677d83b19d21502776ad555a0e73 upstream.
+
+proc_skip_spaces() seems to think it is working on C strings, and ends
+up being just a wrapper around skip_spaces() with a really odd calling
+convention.
+
+Instead of basing it on skip_spaces(), it should have looked more like
+proc_skip_char(), which really is the exact same function (except it
+skips a particular character, rather than whitespace).  So use that as
+inspiration, odd coding and all.
+
+Now the calling convention actually makes sense and works for the
+intended purpose.
+
+Reported-and-tested-by: Kyle Zeng <zengyhkyle@gmail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/sysctl.c |   25 +++++++++++++------------
+ 1 file changed, 13 insertions(+), 12 deletions(-)
+
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -391,13 +391,14 @@ int proc_dostring(struct ctl_table *tabl
+                       ppos);
+ }
+-static size_t proc_skip_spaces(char **buf)
++static void proc_skip_spaces(char **buf, size_t *size)
+ {
+-      size_t ret;
+-      char *tmp = skip_spaces(*buf);
+-      ret = tmp - *buf;
+-      *buf = tmp;
+-      return ret;
++      while (*size) {
++              if (!isspace(**buf))
++                      break;
++              (*size)--;
++              (*buf)++;
++      }
+ }
+ static void proc_skip_char(char **buf, size_t *size, const char v)
+@@ -629,7 +630,7 @@ static int __do_proc_dointvec(void *tbl_
+               bool neg;
+               if (write) {
+-                      left -= proc_skip_spaces(&p);
++                      proc_skip_spaces(&p, &left);
+                       if (!left)
+                               break;
+@@ -656,7 +657,7 @@ static int __do_proc_dointvec(void *tbl_
+       if (!write && !first && left && !err)
+               proc_put_char(&buffer, &left, '\n');
+       if (write && !err && left)
+-              left -= proc_skip_spaces(&p);
++              proc_skip_spaces(&p, &left);
+       if (write && first)
+               return err ? : -EINVAL;
+       *lenp -= left;
+@@ -698,7 +699,7 @@ static int do_proc_douintvec_w(unsigned
+       if (left > PAGE_SIZE - 1)
+               left = PAGE_SIZE - 1;
+-      left -= proc_skip_spaces(&p);
++      proc_skip_spaces(&p, &left);
+       if (!left) {
+               err = -EINVAL;
+               goto out_free;
+@@ -718,7 +719,7 @@ static int do_proc_douintvec_w(unsigned
+       }
+       if (!err && left)
+-              left -= proc_skip_spaces(&p);
++              proc_skip_spaces(&p, &left);
+ out_free:
+       if (err)
+@@ -1176,7 +1177,7 @@ static int __do_proc_doulongvec_minmax(v
+               if (write) {
+                       bool neg;
+-                      left -= proc_skip_spaces(&p);
++                      proc_skip_spaces(&p, &left);
+                       if (!left)
+                               break;
+@@ -1204,7 +1205,7 @@ static int __do_proc_doulongvec_minmax(v
+       if (!write && !first && left && !err)
+               proc_put_char(&buffer, &left, '\n');
+       if (write && !err)
+-              left -= proc_skip_spaces(&p);
++              proc_skip_spaces(&p, &left);
+       if (write && first)
+               return err ? : -EINVAL;
+       *lenp -= left;
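Review bot: The rewritten proc_skip_spaces() carries no comment stating the contract that the commit message spells out, namely that `*buf` is a length-delimited buffer rather than a NUL-terminated string and that `*size` is the only bound on the scan. I would add above the function `/* Skip leading whitespace in a length-delimited buffer; stops when *size reaches 0 and never relies on a NUL terminator. */`. Because the loop now tests `*size` itself, the `left` test in `if (write && !err && left)` in __do_proc_dointvec and in `if (!err && left)` in do_proc_douintvec_w is redundant, while __do_proc_doulongvec_minmax already calls it under plain `if (write && !err)`. Making those three trailing-whitespace call sites consistent would be a reasonable follow-up. The calling functions all start and end outside the hunks shown.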
index 2686b75f6af365a1b9b350f16c307123a7efa4bd..272de4de34e855fcdc3ed760ebeaf8aa0f7a672d 100644 (file)
@@ -90,3 +90,5 @@ revert-clocksource-drivers-riscv-events-are-stopped-.patch
 char-tpm-protect-tpm_pm_suspend-with-locks.patch
 input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_send.patch
 block-unhash-blkdev-part-inode-when-the-part-is-deleted.patch
+proc-avoid-integer-type-confusion-in-get_proc_long.patch
+proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch