--- /dev/null
+From aee8dab976b706d15bf6f112b1c97858dce4c16a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 19 Sep 2019 11:04:48 -0500
+Subject: crypto: ccp - Release all allocated memory if sha type is invalid
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit 128c66429247add5128c03dc1e144ca56f05a4e2 ]
+
+Release all allocated memory if sha type is invalid:
+In ccp_run_sha_cmd, if the type of sha is invalid, the allocated
+hmac_buf should be released.
+
+v2: fix the goto.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Acked-by: Gary R Hook <gary.hook@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/crypto/ccp/ccp-ops.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
+index c8da8eb160da0..422193690fd47 100644
+--- a/drivers/crypto/ccp/ccp-ops.c
++++ b/drivers/crypto/ccp/ccp-ops.c
+@@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
+ LSB_ITEM_SIZE);
+ break;
+ default:
++ kfree(hmac_buf);
+ ret = -EINVAL;
+- goto e_ctx;
++ goto e_data;
+ }
+
+ memset(&hmac_cmd, 0, sizeof(hmac_cmd));
+--
+2.25.1
+
--- /dev/null
+From fba77c08b0801d1c0166fbd8fb9d3c3c20f80494 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 25 Sep 2019 12:02:41 -0300
+Subject: media: rc: prevent memory leak in cx23888_ir_probe
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit a7b2df76b42bdd026e3106cf2ba97db41345a177 ]
+
+In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
+should be released.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Sean Young <sean@mess.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
+index e880afe37f151..d59ca3601785e 100644
+--- a/drivers/media/pci/cx23885/cx23888-ir.c
++++ b/drivers/media/pci/cx23885/cx23888-ir.c
+@@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
+ return -ENOMEM;
+
+ spin_lock_init(&state->rx_kfifo_lock);
+- if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
++ if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
++ GFP_KERNEL)) {
++ kfree(state);
+ return -ENOMEM;
++ }
+
+ state->dev = dev;
+ sd = &state->sd;
+--
+2.25.1
+
--- /dev/null
+From 9b449c12b3a9f749f7d8aaadffe25a817603fd63 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 30 Jul 2020 18:55:53 -0400
+Subject: sunrpc: check that domain table is empty at module unload.
+
+[ Upstream commit f45db2b909c7e76f35850e78f017221f30282b8e ]
+
+The domain table should be empty at module unload. If it isn't there is
+a bug somewhere. So check and report.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/sunrpc/sunrpc.h | 1 +
+ net/sunrpc/sunrpc_syms.c | 2 ++
+ net/sunrpc/svcauth.c | 27 +++++++++++++++++++++++++++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/net/sunrpc/sunrpc.h b/net/sunrpc/sunrpc.h
+index c9bacb3c930fa..82035fa65b8f9 100644
+--- a/net/sunrpc/sunrpc.h
++++ b/net/sunrpc/sunrpc.h
+@@ -56,4 +56,5 @@ int svc_send_common(struct socket *sock, struct xdr_buf *xdr,
+
+ int rpc_clients_notifier_register(void);
+ void rpc_clients_notifier_unregister(void);
++void auth_domain_cleanup(void);
+ #endif /* _NET_SUNRPC_SUNRPC_H */
+diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
+index f9edaa9174a43..236fadc4a4399 100644
+--- a/net/sunrpc/sunrpc_syms.c
++++ b/net/sunrpc/sunrpc_syms.c
+@@ -23,6 +23,7 @@
+ #include <linux/sunrpc/rpc_pipe_fs.h>
+ #include <linux/sunrpc/xprtsock.h>
+
++#include "sunrpc.h"
+ #include "netns.h"
+
+ unsigned int sunrpc_net_id;
+@@ -131,6 +132,7 @@ cleanup_sunrpc(void)
+ unregister_rpc_pipefs();
+ rpc_destroy_mempool();
+ unregister_pernet_subsys(&sunrpc_net_ops);
++ auth_domain_cleanup();
+ #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
+ rpc_unregister_sysctl();
+ #endif
+diff --git a/net/sunrpc/svcauth.c b/net/sunrpc/svcauth.c
+index 550b214cb0015..998b196b61767 100644
+--- a/net/sunrpc/svcauth.c
++++ b/net/sunrpc/svcauth.c
+@@ -19,6 +19,10 @@
+ #include <linux/err.h>
+ #include <linux/hash.h>
+
++#include <trace/events/sunrpc.h>
++
++#include "sunrpc.h"
++
+ #define RPCDBG_FACILITY RPCDBG_AUTH
+
+
+@@ -203,3 +207,26 @@ struct auth_domain *auth_domain_find(char *name)
+ return NULL;
+ }
+ EXPORT_SYMBOL_GPL(auth_domain_find);
++
++/**
++ * auth_domain_cleanup - check that the auth_domain table is empty
++ *
++ * On module unload the auth_domain_table must be empty. To make it
++ * easier to catch bugs which don't clean up domains properly, we
++ * warn if anything remains in the table at cleanup time.
++ *
++ * Note that we cannot proactively remove the domains at this stage.
++ * The ->release() function might be in a module that has already been
++ * unloaded.
++ */
++
++void auth_domain_cleanup(void)
++{
++ int h;
++ struct auth_domain *hp;
++
++ for (h = 0; h < DN_HASHMAX; h++)
++ hlist_for_each_entry(hp, &auth_domain_table[h], hash)
++ pr_warn("svc: domain %s still present at module unload.\n",
++ hp->name);
++}
+--
+2.25.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
