From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F3BF3FFAC2; Thu, 30 Apr 2026 09:45:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777542355; cv=none; b=NdORIR7879uTWJNL0K79CUV561+nQdPjOJ4oWU/cIC72ONSRapcE+svT2FkCeKFrXFbCQXoYV25ZxSIxaY9P7dZhQDq24WUu2p9FXNmpPoOnfXDcEi9DsVrF2UR+3uFzOfZOIMZ1Ghl2w2nRB7dOstHUwaXyyx9eTinU9+OP2x8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777542355; c=relaxed/simple; bh=UpDLWD4oxHyFP99ch3aJwxBm+h7KtymOvkDKAk24mLQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LKOjyJG29yHoEclcbyEX99vEYVuTeHIpwNhSYiSFab3+X3zbJWgzUBMp+gHYhDWYDhxFrPH3LHFGBtP3TGIf5IwmDgYSJ8C6EmlkVKXqiY5yF8zW3wm6aa7yIadcTDQWXs2J1J3g+mVy3jkLft5Eeily3Ui6TCibj4NxbloMEdw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=H4W59MvG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="H4W59MvG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 78DEEC2BCB3; Thu, 30 Apr 2026 09:45:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1777542355; bh=UpDLWD4oxHyFP99ch3aJwxBm+h7KtymOvkDKAk24mLQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=H4W59MvGF9qUiuM4XtsCdNzmpDThGKLlck1tzpV0ZANlO6j9FGjOOG1VT1Pg3eyA5 JqmqIzAx8zC4mlahXpS1K1Kc8a3iWjjPpkEBfisC+i+BEA04Mk2IVBdrAvHEOorbRg Ncj/M1+sfLGTfulL4tkVOVK5I7IvGbbnV1x4GwIA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, stable@vger.kernel.org Cc: lwn@lwn.net, jslaby@suse.cz, Greg Kroah-Hartman Subject: Re: Linux 7.0.3 Date: Thu, 30 Apr 2026 11:45:06 +0200 Message-ID: <2026043052-repent-reckless-1967@gregkh> X-Mailer: git-send-email 2.54.0 In-Reply-To: <2026043052-coasting-tinwork-27b5@gregkh> References: <2026043052-coasting-tinwork-27b5@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit diff --git a/Makefile b/Makefile index b17ca865bcee..61f8019efd5a 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 VERSION = 7 PATCHLEVEL = 0 -SUBLEVEL = 2 +SUBLEVEL = 3 EXTRAVERSION = NAME = Baby Opossum Posse diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c index 15ba592236e8..725a49a0eee7 100644 --- a/drivers/xen/privcmd.c +++ b/drivers/xen/privcmd.c @@ -1620,6 +1620,12 @@ static void privcmd_close(struct vm_area_struct *vma) kvfree(pages); } +static int privcmd_may_split(struct vm_area_struct *area, unsigned long addr) +{ + /* Forbid splitting, avoids double free via privcmd_close(). */ + return -EINVAL; +} + static vm_fault_t privcmd_fault(struct vm_fault *vmf) { printk(KERN_DEBUG "privcmd_fault: vma=%p %lx-%lx, pgoff=%lx, uv=%p\n", @@ -1631,6 +1637,7 @@ static vm_fault_t privcmd_fault(struct vm_fault *vmf) static const struct vm_operations_struct privcmd_vm_ops = { .close = privcmd_close, + .may_split = privcmd_may_split, .fault = privcmd_fault }; diff --git a/drivers/xen/sys-hypervisor.c b/drivers/xen/sys-hypervisor.c index b1bb01ba82f8..91923242a5ae 100644 --- a/drivers/xen/sys-hypervisor.c +++ b/drivers/xen/sys-hypervisor.c @@ -366,6 +366,8 @@ static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer) ret = sprintf(buffer, ""); return ret; } + if (ret > PAGE_SIZE) + return -ENOSPC; buildid = kmalloc(sizeof(*buildid) + ret, GFP_KERNEL); if (!buildid) @@ -373,8 +375,10 @@ static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer) buildid->len = ret; ret = HYPERVISOR_xen_version(XENVER_build_id, buildid); - if (ret > 0) - ret = sprintf(buffer, "%s", buildid->buf); + if (ret > 0) { + /* Build id is binary, not a string. */ + memcpy(buffer, buildid->buf, ret); + } kfree(buildid); return ret;