Kernel

kernel@openeuler.org

[PATCH OLK-6.6] apparmor: Fix & Optimize table creation from possibly unaligned memory
by Gu Bowen 03 Jun '26

From: Helge Deller <deller(a)kernel.org>

mainline inclusion
from mainline-v7.0-rc1
commit 6fc367bfd4c8886e6b1742aabbd1c0bdc310db3a
category: bugfix
bugzilla: https://atomgit.com/src-openeuler/kernel/issues/15143
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…

--------------------------------

Source blob may come from userspace and might be unaligned.
Try to optimize the copying process by avoiding unaligned memory accesses.

- Added Fixes tag
- Added "Fix &" to description as this doesn't just optimize but fixes a
  potential unaligned memory access

Fixes: e6e8bf418850d ("apparmor: fix restricted endian type warnings for dfa unpack")
Signed-off-by: Helge Deller <deller(a)gmx.de>
[jj: remove duplicate word "convert" in comment trigger checkpatch warning]
Signed-off-by: John Johansen <john.johansen(a)canonical.com>
Conflicts:
	security/apparmor/include/match.h
[Context conflicts.]
Signed-off-by: Gu Bowen <gubowen5(a)huawei.com>
---
 security/apparmor/include/match.h | 12 +++++++-----
 security/apparmor/match.c         |  7 +++----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
index 82b13c103454..47b55a1971de 100644
--- a/security/apparmor/include/match.h
+++ b/security/apparmor/include/match.h
@@ -105,16 +105,18 @@ struct aa_dfa { extern struct aa_dfa *nulldfa; extern struct aa_dfa *stacksplitdfa; -#define byte_to_byte(X) (X) - #define UNPACK_ARRAY(TABLE, BLOB, LEN, TTYPE, BTYPE, NTOHX) \ do { \ typeof(LEN) __i; \ TTYPE *__t = (TTYPE *) TABLE; \ BTYPE *__b = (BTYPE *) BLOB; \ - for (__i = 0; __i < LEN; __i++) { \ - __t[__i] = NTOHX(__b[__i]); \ - } \ + BUILD_BUG_ON(sizeof(TTYPE) != sizeof(BTYPE)); \ + if (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)) \ + memcpy(__t, __b, (LEN) * sizeof(BTYPE)); \ + else /* copy & convert from big-endian */ \ + for (__i = 0; __i < LEN; __i++) { \ + __t[__i] = NTOHX(&__b[__i]); \ + } \ } while (0) static inline size_t table_size(size_t len, size_t el_size) diff --git a/security/apparmor/match.c b/security/apparmor/match.c index ed2ed6e40849..130addfa6bb9 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -110,14 +110,13 @@ static struct table_header *unpack_table(char *blob, size_t bsize) table->td_flags = th.td_flags; table->td_lolen = th.td_lolen; if (th.td_flags == YYTD_DATA8) - UNPACK_ARRAY(table->td_data, blob, th.td_lolen, - u8, u8, byte_to_byte); + memcpy(table->td_data, blob, th.td_lolen); else if (th.td_flags == YYTD_DATA16) UNPACK_ARRAY(table->td_data, blob, th.td_lolen, - u16, __be16, be16_to_cpu); + u16, __be16, get_unaligned_be16); else if (th.td_flags == YYTD_DATA32) UNPACK_ARRAY(table->td_data, blob, th.td_lolen, - u32, __be32, be32_to_cpu); + u32, __be32, get_unaligned_be32); else goto fail; /* if table was vmalloced make sure the page tables are synced -- 2.43.0
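Review bot: in the match.h hunk the new `else` branch still compares `__i < LEN` without parentheses while the new `memcpy(__t, __b, (LEN) * sizeof(BTYPE))` parenthesizes it; since `LEN` is a macro argument, use `__i < (LEN)` in the loop as well so an expression passed as the length cannot change the bound. The hunk also makes this header depend on `memcpy()`, `BUILD_BUG_ON()`, `IS_ENABLED()` and, via the call sites, `get_unaligned_be16()`/`get_unaligned_be32()`, and none of the corresponding includes appear in the hunk; given the Conflicts note says match.h needed context adjustment for OLK-6.6, please confirm the header still builds on its own for both CONFIG_CPU_BIG_ENDIAN settings, because the `if (IS_ENABLED(...))` form compiles both branches on every target.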
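Review bot: the match.c hunk replaces `UNPACK_ARRAY(table->td_data, blob, th.td_lolen, u8, u8, byte_to_byte)` with a plain `memcpy(table->td_data, blob, th.td_lolen)`, which is correct for a byte table, and it removes the only in-tree user of `byte_to_byte()` at the same time the header hunk deletes that macro, so the two hunks must be merged together or anything else referencing `byte_to_byte` stops building. The `memcpy` still relies on `unpack_table(char *blob, size_t bsize)` having already checked that `blob` holds at least `th.td_lolen` bytes of `bsize`; that check is above the shown context, so please confirm it is unchanged in the OLK-6.6 tree the backport targets.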
[PATCH OLK-5.10] fbcon: Fix the issue of uninitialized charcount in the remaining consoles
by Luo Gengkun 03 Jun '26

HULK inclusion category: bugfix bugzilla: https://atomgit.com/openeuler/kernel/issues/9126 CVE: NA ---------------------------------------------------------------------- After commit 054a54161b88 ("fbdev: bitblit: bound-check glyph index in bit_putcs*") was merged, using alt+ctrl+f1 to switch the tty from tty0 to tty1 results in garbled display. The reason is the vc->vc_font.charcount is 0, it is clearly an uninitialized value. The mainline is fine because commit a1ac250a82a5 ("fbcon: Avoid using FNTCHARCNT() and hard-coded built-in font charcount") assigns the fvc->vc_font.charcount to vc->vc_font.charcount. Fixes: 06a0aaef1910 ("fbdev: bitblit: bound-check glyph index in bit_putcs*") Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com> --- drivers/video/fbdev/core/fbcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index d0a11b7543b6..d49dc3ef4f53 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -1071,6 +1071,7 @@ static void fbcon_init(struct vc_data *vc, int init) fvc->vc_font.data); vc->vc_font.width = fvc->vc_font.width; vc->vc_font.height = fvc->vc_font.height; + vc->vc_font.charcount = fvc->vc_font.charcount; p->userfont = t->userfont; if (p->userfont) -- 2.34.1
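Review bot: the Fixes: tag names commit 06a0aaef1910 while the body attributes the same title ("fbdev: bitblit: bound-check glyph index in bit_putcs*") to commit 054a54161b88; one of these is presumably the mainline id and the other the OLK-5.10 backport id, so the tag and the body should agree, and the Fixes: tag should carry the hash that actually exists in the OLK-5.10 tree so stable tooling can match it. The one-line hunk itself, `vc->vc_font.charcount = fvc->vc_font.charcount;`, mirrors the width and height copies directly above it in the context and looks correct.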
[PATCH OLK-5.10] dlm: validate length in dlm_search_rsb_tree
by Gu Bowen 03 Jun '26

From: Ezrak1e <ezrakiez(a)gmail.com> mainline inclusion from mainline-v7.0-rc1 commit 080e5563f878c64e697b89e7439d730d0daad882 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14672 CVE: CVE-2026-43125 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation to prevent potential buffer overflow. Signed-off-by: Ezrak1e <ezrakiez(a)gmail.com> Signed-off-by: Alexander Aring <aahringo(a)redhat.com> Signed-off-by: David Teigland <teigland(a)redhat.com> Conflicts: fs/dlm/lock.c [Context conflicts due to commit 6c648035cbe7 ("dlm: switch to use rhashtable for rsbs") not merge.] Signed-off-by: Gu Bowen <gubowen5(a)huawei.com> --- fs/dlm/lock.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c index 51ab06308bc7..339f7d4c793f 100644 --- a/fs/dlm/lock.c +++ b/fs/dlm/lock.c @@ -449,6 +449,9 @@ int dlm_search_rsb_tree(struct rb_root *tree, char *name, int len, struct dlm_rsb *r; int rc; + if (len > DLM_RESNAME_MAXLEN) + return -EINVAL; + while (node) { r = rb_entry(node, struct dlm_rsb, res_hashnode); rc = rsb_cmp(r, name, len); -- 2.43.0
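Review bot: `len` is an `int`, so the new `if (len > DLM_RESNAME_MAXLEN) return -EINVAL;` still lets a negative length through to `rsb_cmp(r, name, len)`; since the body says the value comes from network messages, consider rejecting it in the same check, e.g. `if (len < 0 || len > DLM_RESNAME_MAXLEN)`. The body also names dlm_dump_rsb_name() as the unvalidated entry point while the check is added in dlm_search_rsb_tree(); a sentence on why the check belongs here rather than where the message is parsed would help, as would confirming that every caller of dlm_search_rsb_tree() treats -EINVAL like a not-found result rather than as a fatal error.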
[PATCH OLK-6.6] dlm: validate length in dlm_search_rsb_tree
by Gu Bowen 03 Jun '26

From: Ezrak1e <ezrakiez(a)gmail.com> mainline inclusion from mainline-v7.0-rc1 commit 080e5563f878c64e697b89e7439d730d0daad882 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14672 CVE: CVE-2026-43125 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation to prevent potential buffer overflow. Signed-off-by: Ezrak1e <ezrakiez(a)gmail.com> Signed-off-by: Alexander Aring <aahringo(a)redhat.com> Signed-off-by: David Teigland <teigland(a)redhat.com> Conflicts: fs/dlm/lock.c [Context conflicts due to commit 6c648035cbe7 ("dlm: switch to use rhashtable for rsbs") not merge.] Signed-off-by: Gu Bowen <gubowen5(a)huawei.com> --- fs/dlm/lock.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c index 6712d733fc90..6c708ccbdf3c 100644 --- a/fs/dlm/lock.c +++ b/fs/dlm/lock.c @@ -444,6 +444,9 @@ int dlm_search_rsb_tree(struct rb_root *tree, const void *name, int len, struct dlm_rsb *r; int rc; + if (len > DLM_RESNAME_MAXLEN) + return -EINVAL; + while (node) { r = rb_entry(node, struct dlm_rsb, res_hashnode); rc = rsb_cmp(r, name, len); -- 2.43.0
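Review bot: same three-line check as the OLK-5.10 posting, here against the `const void *name` signature; with `len` declared `int` the check `len > DLM_RESNAME_MAXLEN` still passes negative lengths on to `rsb_cmp()`, so `if (len < 0 || len > DLM_RESNAME_MAXLEN)` would be the more defensive form for a value taken from network messages. The Conflicts note says the rhashtable conversion (6c648035cbe7) is not in OLK-6.6, and the `rb_entry(node, struct dlm_rsb, res_hashnode)` context confirms the rb-tree walk is still in place, so the placement matches the backport tree; please also state in the message whether the -EINVAL return is handled by every caller on this branch.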
[PATCH OLK-6.6] vsock: fix buffer size clamping order
by Wupeng Ma 03 Jun '26

From: Norbert Szetei <norbert(a)doyensec.com>

stable inclusion
from stable-v6.6.140
commit a998a7e250bf976539e05a00ec64a81292afecaa
category: bugfix
bugzilla: https://atomgit.com/src-openeuler/kernel/issues/15478
CVE: CVE-2026-46234
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…

--------------------------------

commit d114bfdc9b76bf93b881e195b7ec957c14227bab upstream.

In vsock_update_buffer_size(), the buffer size was being clamped to the
maximum first, and then to the minimum. If a user sets a minimum buffer
size larger than the maximum, the minimum check overrides the maximum
check, inverting the constraint.

This breaks the intended socket memory boundaries by allowing the
vsk->buffer_size to grow beyond the configured vsk->buffer_max_size.

Fix this by checking the minimum first, and then the maximum. This
ensures the buffer size never exceeds the buffer_max_size.

Fixes: b9f2b0ffde0c ("vsock: handle buffer_size sockopts in the core")
Suggested-by: Stefano Garzarella <sgarzare(a)redhat.com>
Signed-off-by: Norbert Szetei <norbert(a)doyensec.com>
Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com>
Link: https://patch.msgid.link/180118C5-8BCF-4A63-A305-4EE53A34AB9C@doyensec.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Cc: Luigi Leonardi <leonardi(a)redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com>
---
 net/vmw_vsock/af_vsock.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index ca1289e64bcc8..187cc259f820b 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1728,12 +1728,12 @@ static void vsock_update_buffer_size(struct vsock_sock *vsk, const struct vsock_transport *transport, u64 val) { - if (val > vsk->buffer_max_size) - val = vsk->buffer_max_size; - if (val < vsk->buffer_min_size) val = vsk->buffer_min_size; + if (val > vsk->buffer_max_size) + val = vsk->buffer_max_size; + if (val != vsk->buffer_size && transport && transport->notify_buffer_size) transport->notify_buffer_size(vsk, &val); -- 2.43.0
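Review bot: the reorder guarantees `val <= vsk->buffer_max_size` on exit, but a configuration with `buffer_min_size > buffer_max_size` is still silently accepted: `val` is first raised to the minimum and then cut back to the maximum, so the minimum is no longer honoured in that case. The setsockopt paths that store those two fields are outside this hunk, so a short note in the message that an inconsistent min/max pair is tolerated rather than rejected would help future readers. Separately, this same OLK-6.6 patch (stable commit a998a7e250bf) is posted twice on this page with different bugzilla ids (src-openeuler/kernel/issues/15478 with CVE-2026-46234 here, openeuler/kernel/issues/9194 without a CVE line in the other) and different final Signed-off-by lines; only one should be merged, and it should keep the CVE reference.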
[PATCH OLK-5.10] fbcon: Fix the issue of uninitialized charcount in the remaining consoles
by Luo Gengkun 03 Jun '26

From: Luo Gengkun <luogengkun(a)huaweicloud.com> HULK inclusion category: bugfix bugzilla: https://atomgit.com/openeuler/kernel/issues/9126 CVE: NA ---------------------------------------------------------------------- After commit 054a54161b88 ("fbdev: bitblit: bound-check glyph index in bit_putcs*") was merged, using alt+ctrl+f1 to switch the tty from tty0 to tty1 results in garbled display. The reason is the vc->vc_font.charcount is 0, it is clearly an uninitialized value. The mainline is fine because commit a1ac250a82a5 ("fbcon: Avoid using FNTCHARCNT() and hard-coded built-in font charcount") assigns the fvc->vc_font.charcount to vc->vc_font.charcount. Fixes: 06a0aaef1910 ("fbdev: bitblit: bound-check glyph index in bit_putcs*") Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com> --- drivers/video/fbdev/core/fbcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index d0a11b7543b6..d49dc3ef4f53 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -1071,6 +1071,7 @@ static void fbcon_init(struct vc_data *vc, int init) fvc->vc_font.data); vc->vc_font.width = fvc->vc_font.width; vc->vc_font.height = fvc->vc_font.height; + vc->vc_font.charcount = fvc->vc_font.charcount; p->userfont = t->userfont; if (p->userfont) -- 2.34.1
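Review bot: this is a repost of the OLK-5.10 fbcon patch that appears earlier on this page with an identical diff (same `index d0a11b7543b6..d49dc3ef4f53`); the added From: line is the only difference, and the Fixes: hash (06a0aaef1910) still disagrees with the hash quoted in the body (054a54161b88) for the same commit title. Please make the tag and body agree on the hash that exists in the OLK-5.10 tree, and mark the resend as v2 or say why it was resent so reviewers know which copy to act on.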
[PATCH OLK-6.6] fbcon: Fix the issue of uninitialized charcount in the remaining consoles
by Luo Gengkun 03 Jun '26

From: Luo Gengkun <luogengkun(a)huaweicloud.com> HULK inclusion category: bugfix bugzilla: https://atomgit.com/openeuler/kernel/issues/9126 CVE: NA ---------------------------------------------------------------------- After commit 054a54161b88 ("fbdev: bitblit: bound-check glyph index in bit_putcs*") was merged, using alt+ctrl+f1 to switch the tty from tty0 to tty1 results in garbled display. The reason is the vc->vc_font.charcount is 0, it is clearly an uninitialized value. The mainline is fine because commit a1ac250a82a5 ("fbcon: Avoid using FNTCHARCNT() and hard-coded built-in font charcount") assigns the fvc->vc_font.charcount to vc->vc_font.charcount. Fixes: 06a0aaef1910 ("fbdev: bitblit: bound-check glyph index in bit_putcs*") Signed-off-by: Luo Gengkun <luogengkun2(a)huawei.com> --- drivers/video/fbdev/core/fbcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index d0a11b7543b6..d49dc3ef4f53 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -1071,6 +1071,7 @@ static void fbcon_init(struct vc_data *vc, int init) fvc->vc_font.data); vc->vc_font.width = fvc->vc_font.width; vc->vc_font.height = fvc->vc_font.height; + vc->vc_font.charcount = fvc->vc_font.charcount; p->userfont = t->userfont; if (p->userfont) -- 2.34.1
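Review bot: the diff header `index d0a11b7543b6..d49dc3ef4f53` is identical to the OLK-5.10 posting of this patch, which means the hunk was generated against the same fbcon.c blob; fbcon.c should differ between the 5.10 and 6.6 branches, so please regenerate the patch on OLK-6.6 and confirm the context (`fvc->vc_font.data); vc->vc_font.width = ...`) still applies there. The body also states that mainline is fine because a1ac250a82a5 already copies charcount; if OLK-6.6 carries that commit this hunk is redundant, so the message should say explicitly why 6.6 still needs it.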
[PATCH OLK-6.6] bpf: Avoid soft lockup in bpf_uprobe_unregister
by Pu Lehui 03 Jun '26

hulk inclusion
category: bugfix
bugzilla: https://atomgit.com/openeuler/kernel/issues/9318

--------------------------------

Syzkaller reports the following issue:

watchdog: BUG: soft lockup - CPU#0 stuck for 109s! [syz.0.555:3563]
Modules linked in:
CPU: 0 PID: 3563 Comm: syz.0.555 Not tainted 6.6.0+ #80
RIP: 0010:consumer_del kernel/events/uprobes.c:789 [inline]
RIP: 0010:__uprobe_unregister+0x9e/0x260 kernel/events/uprobes.c:1107
RSP: 0018:ffff888143a47a58 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc900156aaf78 RCX: ffffffffa7128384
RDX: 1ffff92002ad55ef RSI: 0000000000000008 RDI: ffff888120c1e050
RBP: ffffc90015504a20 R08: 0000000000000001 R09: ffffed1024183c0a
R10: ffff888120c1e057 R11: ffff888100e3a058 R12: dffffc0000000000
R13: ffff888120c1e000 R14: ffffc900156aaf20 R15: ffff888120c1e080
FS:  0000000000000000(0000) GS:ffff8881e1400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd57aa2048 CR3: 000000021a742006 CR4: 0000000000770ef0
PKRU: 80000000
Call Trace:
 <TASK>
 uprobe_unregister+0x62/0x90 kernel/events/uprobes.c:1131
 bpf_uprobe_unregister kernel/trace/bpf_trace.c:3082 [inline]
 bpf_uprobe_multi_link_release+0xd5/0x1f0 kernel/trace/bpf_trace.c:3092
 bpf_link_free+0x16b/0x2c0 kernel/bpf/syscall.c:2929
 bpf_link_put_direct kernel/bpf/syscall.c:2969 [inline]
 bpf_link_release+0x68/0x80 kernel/bpf/syscall.c:2976
 __fput+0x408/0xab0 fs/file_table.c:384
 task_work_run+0x154/0x240 kernel/task_work.c:245
 exit_task_work include/linux/task_work.h:45 [inline]
 do_exit+0x813/0x1140 kernel/exit.c:882
 do_group_exit+0xcd/0x280 kernel/exit.c:1023
 get_signal+0x185b/0x1910 kernel/signal.c:2908
 arch_do_signal_or_restart+0x83/0x3b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x20b/0x220 kernel/entry/common.c:218
 do_syscall_64+0x66/0x110
arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The reason is that syzkaller attempts to unregister 287088 uprobes when CONFIG_PREEMPT_NONE. Let's add cond_resched to avoid soft lockup in bpf_uprobe_unregister. Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> --- kernel/trace/bpf_trace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 768159fad93c..435f078782e2 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3077,6 +3077,7 @@ static void bpf_uprobe_unregister(struct path *path, struct bpf_uprobe *uprobes, for (i = 0; i < cnt; i++) { uprobe_unregister(d_real_inode(path->dentry), uprobes[i].offset, &uprobes[i].consumer); + cond_resched(); } } -- 2.34.1
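Review bot: placing `cond_resched()` inside the `for (i = 0; i < cnt; i++)` unregister loop is only valid if `bpf_uprobe_unregister()` is always reached from a context that may sleep; the quoted trace shows the `bpf_link_free -> __fput -> task_work_run -> do_exit` path, which is process context, but a one-line comment above the call saying so (and that the loop can run for hundreds of thousands of entries, as the 287088-uprobe reproducer shows) would spare the next reader the same analysis. It would also help to state in the message whether OLK-6.6 ships with CONFIG_PREEMPT_NONE, since the body says the lockup depends on it and that decides how reachable this path is on production kernels.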
[PATCH OLK-5.10] netfilter: nft_ct: fix use-after-free in timeout object destroy
by superdcc97@163.com 02 Jun '26

From: Tuan Do <tuan(a)calif.io>

stable inclusion
from stable-v5.10.253
commit c458fc1c278a65ad5381083121d39a479973ebed
category: bugfix
bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14407
CVE: CVE-2026-31665
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…

--------------------------------

commit f8dca15a1b190787bbd03285304b569631160eda upstream.

nft_ct_timeout_obj_destroy() frees the timeout object with kfree()
immediately after nf_ct_untimeout(), without waiting for an RCU grace
period. Concurrent packet processing on other CPUs may still hold
RCU-protected references to the timeout object obtained via
rcu_dereference() in nf_ct_timeout_data().

Add an rcu_head to struct nf_ct_timeout and use kfree_rcu() to defer
freeing until after an RCU grace period, matching the approach already
used in nfnetlink_cttimeout.c.

KASAN report:

BUG: KASAN: slab-use-after-free in nf_conntrack_tcp_packet+0x1381/0x29d0
Read of size 4 at addr ffff8881035fe19c by task exploit/80

Call Trace:
 nf_conntrack_tcp_packet+0x1381/0x29d0
 nf_conntrack_in+0x612/0x8b0
 nf_hook_slow+0x70/0x100
 __ip_local_out+0x1b2/0x210
 tcp_sendmsg_locked+0x722/0x1580
 __sys_sendto+0x2d8/0x320

Allocated by task 75:
 nft_ct_timeout_obj_init+0xf6/0x290
 nft_obj_init+0x107/0x1b0
 nf_tables_newobj+0x680/0x9c0
 nfnetlink_rcv_batch+0xc29/0xe00

Freed by task 26:
 nft_obj_destroy+0x3f/0xa0
 nf_tables_trans_destroy_work+0x51c/0x5c0
 process_one_work+0x2c4/0x5a0

Fixes: 7e0b2b57f01d ("netfilter: nft_ct: add ct timeout support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Tuan Do <tuan(a)calif.io>
Signed-off-by: Florian Westphal <fw(a)strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com>
---
 include/net/netfilter/nf_conntrack_timeout.h | 1 +
 net/netfilter/nft_ct.c                       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/net/netfilter/nf_conntrack_timeout.h b/include/net/netfilter/nf_conntrack_timeout.h index 659b0ea25b4d..16e024ca1587 100644 --- a/include/net/netfilter/nf_conntrack_timeout.h +++ b/include/net/netfilter/nf_conntrack_timeout.h @@ -14,6 +14,7 @@ struct nf_ct_timeout { __u16 l3num; const struct nf_conntrack_l4proto *l4proto; + struct rcu_head rcu; char data[]; }; diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index e0fa3e73fed4..2ac4c6b16459 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -934,7 +934,7 @@ static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, nf_queue_nf_hook_drop(ctx->net); nf_ct_untimeout(ctx->net, timeout); nf_ct_netns_put(ctx->net, ctx->family); - kfree(priv->timeout); + kfree_rcu(priv->timeout, rcu); } static int nft_ct_timeout_obj_dump(struct sk_buff *skb, -- 2.43.0
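Review bot: the header hunk inserts `struct rcu_head rcu;` immediately before the flexible `char data[]` member of `struct nf_ct_timeout`, which grows the struct by two pointers (16 bytes on 64-bit) and shifts the offset of `data[]`; allocations sized as `sizeof(struct nf_ct_timeout) + n` follow automatically, but this is a public header on a distribution branch (OLK-5.10), so the message should state whether kABI or out-of-tree-module compatibility was checked for this struct or is not a concern here.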
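Review bot: replacing `kfree(priv->timeout)` with `kfree_rcu(priv->timeout, rcu)` defers the free past readers that obtained the pointer via rcu_dereference(), as the body describes, and the surrounding context shows `nf_ct_untimeout(ctx->net, timeout)` still runs first, so no new reader can pick the object up once the grace period starts. One thing worth stating in the message: the two-argument `kfree_rcu()` requires `priv->timeout` to be the base of the allocation that embeds `rcu`, and the body points to nfnetlink_cttimeout.c as the existing precedent, so naming the corresponding free there would let reviewers confirm both paths release the object identically.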
[PATCH OLK-6.6] vsock: fix buffer size clamping order
by Wupeng Ma 02 Jun '26

From: Norbert Szetei <norbert(a)doyensec.com>

stable inclusion
from stable-v6.6.140
commit a998a7e250bf976539e05a00ec64a81292afecaa
category: bugfix
bugzilla: https://atomgit.com/openeuler/kernel/issues/9194
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…

--------------------------------

commit d114bfdc9b76bf93b881e195b7ec957c14227bab upstream.

In vsock_update_buffer_size(), the buffer size was being clamped to the
maximum first, and then to the minimum. If a user sets a minimum buffer
size larger than the maximum, the minimum check overrides the maximum
check, inverting the constraint.

This breaks the intended socket memory boundaries by allowing the
vsk->buffer_size to grow beyond the configured vsk->buffer_max_size.

Fix this by checking the minimum first, and then the maximum. This
ensures the buffer size never exceeds the buffer_max_size.

Fixes: b9f2b0ffde0c ("vsock: handle buffer_size sockopts in the core")
Suggested-by: Stefano Garzarella <sgarzare(a)redhat.com>
Signed-off-by: Norbert Szetei <norbert(a)doyensec.com>
Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com>
Link: https://patch.msgid.link/180118C5-8BCF-4A63-A305-4EE53A34AB9C@doyensec.com
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Cc: Luigi Leonardi <leonardi(a)redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Yuan Can <yuancan(a)huawei.com>
---
 net/vmw_vsock/af_vsock.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index ca1289e64bcc8..187cc259f820b 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1728,12 +1728,12 @@ static void vsock_update_buffer_size(struct vsock_sock *vsk, const struct vsock_transport *transport, u64 val) { - if (val > vsk->buffer_max_size) - val = vsk->buffer_max_size; - if (val < vsk->buffer_min_size) val = vsk->buffer_min_size; + if (val > vsk->buffer_max_size) + val = vsk->buffer_max_size; + if (val != vsk->buffer_size && transport && transport->notify_buffer_size) transport->notify_buffer_size(vsk, &val); -- 2.43.0
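Review bot: this hunk is the same clamp reorder as the other OLK-6.6 vsock posting on this page (same stable commit a998a7e250bf, same `index ca1289e64bcc8..187cc259f820b`), but this copy omits the `CVE: CVE-2026-46234` line and cites bugzilla openeuler/kernel/issues/9194 instead of src-openeuler/kernel/issues/15478; please drop one of the two submissions and make sure the one that survives carries the CVE reference. Functionally, after the change a minimum larger than the maximum leaves `val = vsk->buffer_max_size`, which matches the stated goal that the buffer size never exceeds buffer_max_size, though the inconsistent min/max pair itself is still accepted.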