From: Greg Kroah-Hartman Date: Mon, 30 Dec 2024 08:30:43 +0000 (+0100) Subject: 5.15-stable patches X-Git-Tag: v6.1.123~21 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f08e923d8bf9d96a23921ed5c4aa38cec5ae9787;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: power-supply-gpio-charger-fix-set-charge-current-limits.patch tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch tracing-prevent-bad-count-for-tracing_cpumask_write.patch --- diff --git a/queue-5.15/power-supply-gpio-charger-fix-set-charge-current-limits.patch b/queue-5.15/power-supply-gpio-charger-fix-set-charge-current-limits.patch new file mode 100644 index 00000000000..ccfe0b8c56f --- /dev/null +++ b/queue-5.15/power-supply-gpio-charger-fix-set-charge-current-limits.patch @@ -0,0 +1,41 @@ +From afc6e39e824ad0e44b2af50a97885caec8d213d1 Mon Sep 17 00:00:00 2001 +From: Dimitri Fedrau +Date: Mon, 9 Dec 2024 11:46:15 +0100 +Subject: power: supply: gpio-charger: Fix set charge current limits + +From: Dimitri Fedrau + +commit afc6e39e824ad0e44b2af50a97885caec8d213d1 upstream. + +Fix set charge current limits for devices which allow to set the lowest +charge current limit to be greater zero. If requested charge current limit +is below lowest limit, the index equals current_limit_map_size which leads +to accessing memory beyond allocated memory. + +Fixes: be2919d8355e ("power: supply: gpio-charger: add charge-current-limit feature") +Cc: stable@vger.kernel.org +Signed-off-by: Dimitri Fedrau +Link: https://lore.kernel.org/r/20241209-fix-charge-current-limit-v1-1-760d9b8f2af3@liebherr.com +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/power/supply/gpio-charger.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/power/supply/gpio-charger.c ++++ b/drivers/power/supply/gpio-charger.c +@@ -67,6 +67,14 @@ static int set_charge_current_limit(stru + if (gpio_charger->current_limit_map[i].limit_ua <= val) + break; + } ++ ++ /* ++ * If a valid charge current limit isn't found, default to smallest ++ * current limitation for safety reasons. ++ */ ++ if (i >= gpio_charger->current_limit_map_size) ++ i = gpio_charger->current_limit_map_size - 1; ++ + mapping = gpio_charger->current_limit_map[i]; + + for (i = 0; i < ndescs; i++) { diff --git a/queue-5.15/series b/queue-5.15/series index 09659910215..383564e5271 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -95,3 +95,6 @@ drm-dp_mst-verify-request-type-in-the-corresponding-.patch lib-stackinit-hide-never-taken-branch-from-compiler.patch ksmbd-fix-racy-issue-from-session-lookup-and-expire.patch riscv-fix-ipis-usage-in-kfence_protect_page.patch +tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch +tracing-prevent-bad-count-for-tracing_cpumask_write.patch +power-supply-gpio-charger-fix-set-charge-current-limits.patch diff --git a/queue-5.15/tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch b/queue-5.15/tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch new file mode 100644 index 00000000000..726ccd0a194 --- /dev/null +++ b/queue-5.15/tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch @@ -0,0 +1,66 @@ +From 452f4b31e3f70a52b97890888eeb9eaa9a87139a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 25 Nov 2024 11:50:25 +0100 +Subject: tracing: Constify string literal data member in struct trace_event_call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian Göttsche + +commit 452f4b31e3f70a52b97890888eeb9eaa9a87139a upstream. + +The name member of the struct trace_event_call is assigned with +generated string literals; declare them pointer to read-only. + +Reported by clang: + + security/landlock/syscalls.c:179:1: warning: initializing 'char *' with an expression of type 'const char[34]' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers] + 179 | SYSCALL_DEFINE3(landlock_create_ruleset, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 180 | const struct landlock_ruleset_attr __user *const, attr, + | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 181 | const size_t, size, const __u32, flags) + | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:226:36: note: expanded from macro 'SYSCALL_DEFINE3' + 226 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:234:2: note: expanded from macro 'SYSCALL_DEFINEx' + 234 | SYSCALL_METADATA(sname, x, __VA_ARGS__) \ + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:184:2: note: expanded from macro 'SYSCALL_METADATA' + 184 | SYSCALL_TRACE_ENTER_EVENT(sname); \ + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:151:30: note: expanded from macro 'SYSCALL_TRACE_ENTER_EVENT' + 151 | .name = "sys_enter"#sname, \ + | ^~~~~~~~~~~~~~~~~ + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mathieu Desnoyers +Cc: Mickaël Salaün +Cc: Günther Noack +Cc: Nathan Chancellor +Cc: Nick Desaulniers +Cc: Bill Wendling +Cc: Justin Stitt +Link: https://lore.kernel.org/20241125105028.42807-1-cgoettsche@seltendoof.de +Fixes: b77e38aa240c3 ("tracing: add event trace infrastructure") +Signed-off-by: Christian Göttsche +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/trace_events.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/trace_events.h ++++ b/include/linux/trace_events.h +@@ -347,7 +347,7 @@ struct trace_event_call { + struct list_head list; + struct trace_event_class *class; + union { +- char *name; ++ const char *name; + /* Set TRACE_EVENT_FL_TRACEPOINT flag when using "tp" */ + struct tracepoint *tp; + }; diff --git a/queue-5.15/tracing-prevent-bad-count-for-tracing_cpumask_write.patch b/queue-5.15/tracing-prevent-bad-count-for-tracing_cpumask_write.patch new file mode 100644 index 00000000000..cb00c70d588 --- /dev/null +++ b/queue-5.15/tracing-prevent-bad-count-for-tracing_cpumask_write.patch @@ -0,0 +1,37 @@ +From 98feccbf32cfdde8c722bc4587aaa60ee5ac33f0 Mon Sep 17 00:00:00 2001 +From: Lizhi Xu +Date: Mon, 16 Dec 2024 15:32:38 +0800 +Subject: tracing: Prevent bad count for tracing_cpumask_write + +From: Lizhi Xu + +commit 98feccbf32cfdde8c722bc4587aaa60ee5ac33f0 upstream. + +If a large count is provided, it will trigger a warning in bitmap_parse_user. +Also check zero for it. + +Cc: stable@vger.kernel.org +Fixes: 9e01c1b74c953 ("cpumask: convert kernel trace functions") +Link: https://lore.kernel.org/20241216073238.2573704-1-lizhi.xu@windriver.com +Reported-by: syzbot+0aecfd34fb878546f3fd@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=0aecfd34fb878546f3fd +Tested-by: syzbot+0aecfd34fb878546f3fd@syzkaller.appspotmail.com +Signed-off-by: Lizhi Xu +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -5250,6 +5250,9 @@ tracing_cpumask_write(struct file *filp, + cpumask_var_t tracing_cpumask_new; + int err; + ++ if (count == 0 || count > KMALLOC_MAX_SIZE) ++ return -EINVAL; ++ + if (!zalloc_cpumask_var(&tracing_cpumask_new, GFP_KERNEL)) + return -ENOMEM; +