5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Jan 2024 17:37:38 +0000 (09:37 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Jan 2024 17:37:38 +0000 (09:37 -0800)
added patches:
dma-mapping-fix-build-error-unused-value.patch
virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch
virtio-crypto-fix-memory-leak.patch

queue-5.10/dma-mapping-fix-build-error-unused-value.patch [new file with mode: 0644]
queue-5.10/series
queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch [new file with mode: 0644]
queue-5.10/virtio-crypto-fix-memory-leak.patch [new file with mode: 0644]

diff --git a/queue-5.10/dma-mapping-fix-build-error-unused-value.patch b/queue-5.10/dma-mapping-fix-build-error-unused-value.patch
new file mode 100644 (file)
index 0000000..fa40013
--- /dev/null
@@ -0,0 +1,51 @@
+From 50d6281ce9b8412f7ef02d1bc9d23aa62ae0cf98 Mon Sep 17 00:00:00 2001
+From: Ren Zhijie <renzhijie2@huawei.com>
+Date: Thu, 30 Jun 2022 20:35:28 +0800
+Subject: dma-mapping: Fix build error unused-value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ren Zhijie <renzhijie2@huawei.com>
+
+commit 50d6281ce9b8412f7ef02d1bc9d23aa62ae0cf98 upstream.
+
+If CONFIG_DMA_DECLARE_COHERENT is not set,
+make ARCH=x86_64 CROSS_COMPILE=x86_64-linux-gnu- will be failed, like this:
+
+drivers/remoteproc/remoteproc_core.c: In function ‘rproc_rvdev_release’:
+./include/linux/dma-map-ops.h:182:42: error: statement with no effect [-Werror=unused-value]
+ #define dma_release_coherent_memory(dev) (0)
+                                          ^
+drivers/remoteproc/remoteproc_core.c:464:2: note: in expansion of macro ‘dma_release_coherent_memory’
+  dma_release_coherent_memory(dev);
+  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+
+The return type of function dma_release_coherent_memory in CONFIG_DMA_DECLARE_COHERENT area is void, so in !CONFIG_DMA_DECLARE_COHERENT area it should neither return any value nor be defined as zero.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Fixes: e61c451476e6 ("dma-mapping: Add dma_release_coherent_memory to DMA API")
+Signed-off-by: Ren Zhijie <renzhijie2@huawei.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Link: https://lore.kernel.org/r/20220630123528.251181-1-renzhijie2@huawei.com
+Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/dma-map-ops.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/dma-map-ops.h
++++ b/include/linux/dma-map-ops.h
+@@ -185,10 +185,10 @@ static inline int dma_declare_coherent_m
+       return -ENOSYS;
+ }
+-#define dma_release_coherent_memory(dev) (0)
+ #define dma_alloc_from_dev_coherent(dev, size, handle, ret) (0)
+ #define dma_release_from_dev_coherent(dev, order, vaddr) (0)
+ #define dma_mmap_from_dev_coherent(dev, vma, vaddr, order, ret) (0)
++static inline void dma_release_coherent_memory(struct device *dev) { }
+ static inline void *dma_alloc_from_global_coherent(struct device *dev,
+               ssize_t size, dma_addr_t *dma_handle)
index de79d7d07949675e2163dacf85172f1b51832dd4..f170560eb8ae31bf4b1d16bcedb2e0bd087ebc36 100644 (file)
@@ -199,3 +199,6 @@ binder-fix-async-space-check-for-0-sized-buffers.patch
 binder-fix-unused-alloc-free_async_space.patch
 binder-fix-use-after-free-in-shinker-s-callback.patch
 input-atkbd-use-ab83-as-id-when-skipping-the-getid-command.patch
+dma-mapping-fix-build-error-unused-value.patch
+virtio-crypto-fix-memory-leak.patch
+virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch
diff --git a/queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch b/queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch
new file mode 100644 (file)
index 0000000..2cc71f2
--- /dev/null
@@ -0,0 +1,37 @@
+From b1d65f717cd6305a396a8738e022c6f7c65cfbe8 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Mon, 14 Nov 2022 11:07:40 +0000
+Subject: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit b1d65f717cd6305a396a8738e022c6f7c65cfbe8 upstream.
+
+'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(),
+and should be freed in the invalid ctrl_status->status error handling
+case. Otherwise there is a memory leak.
+
+Fixes: 0756ad15b1fe ("virtio-crypto: use private buffer for control request")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Message-Id: <20221114110740.537276-1-weiyongjun@huaweicloud.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Gonglei <arei.gonglei@huawei.com>
+Acked-by: zhenwei pi<pizhenwei@bytedance.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/virtio/virtio_crypto_algs.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/virtio/virtio_crypto_algs.c
++++ b/drivers/crypto/virtio/virtio_crypto_algs.c
+@@ -239,7 +239,8 @@ static int virtio_crypto_alg_skcipher_cl
+               pr_err("virtio_crypto: Close session failed status: %u, session_id: 0x%llx\n",
+                       ctrl_status->status, destroy_session->session_id);
+-              return -EINVAL;
++              err = -EINVAL;
++              goto out;
+       }
+       err = 0;
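Review bot: The invalid-status path now jumps to `out:`, which lies outside this hunk, so the leak is closed only if that label frees `vc_ctrl_req` in the 5.10 tree being patched. The Fixes: tag names 0756ad15b1fe ("virtio-crypto: use private buffer for control request"), and virtio-crypto-fix-memory-leak.patch likewise says its bug was introduced by 59ca6c93387d3, so both queued patches presuppose backports that the visible part of queue-5.10/series does not show. It is worth confirming those prerequisites are applied ahead of these entries and recording that in the patch body, for example `[ 5.10: requires the backport of 0756ad15b1fe ]`. The body of virtio_crypto_alg_skcipher_close_session() starts and ends outside the hunk, so the allocation and the cleanup label cannot be checked from this page.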
diff --git a/queue-5.10/virtio-crypto-fix-memory-leak.patch b/queue-5.10/virtio-crypto-fix-memory-leak.patch
new file mode 100644 (file)
index 0000000..021b442
--- /dev/null
@@ -0,0 +1,74 @@
+From 1bedcf22c081a6e9943f09937b2da8d3ef52d20d Mon Sep 17 00:00:00 2001
+From: lei he <helei.sig11@bytedance.com>
+Date: Mon, 19 Sep 2022 15:51:58 +0800
+Subject: virtio-crypto: fix memory-leak
+
+From: lei he <helei.sig11@bytedance.com>
+
+commit 1bedcf22c081a6e9943f09937b2da8d3ef52d20d upstream.
+
+Fix memory-leak for virtio-crypto akcipher request, this problem is
+introduced by 59ca6c93387d3(virtio-crypto: implement RSA algorithm).
+The leak can be reproduced and tested with the following script
+inside virtual machine:
+
+#!/bin/bash
+
+LOOP_TIMES=10000
+
+# required module: pkcs8_key_parser, virtio_crypto
+modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m
+modprobe virtio_crypto # if CONFIG_CRYPTO_DEV_VIRTIO=m
+rm -rf /tmp/data
+dd if=/dev/random of=/tmp/data count=1 bs=230
+
+# generate private key and self-signed cert
+openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem \
+               -outform der -out cert.der  \
+               -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=always.com/emailAddress=yy@always.com"
+# convert private key from pem to der
+openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der
+
+# add key
+PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s`
+echo "priv key id = "$PRIV_KEY_ID
+PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s`
+echo "pub key id = "$PUB_KEY_ID
+
+# query key
+keyctl pkey_query $PRIV_KEY_ID 0
+keyctl pkey_query $PUB_KEY_ID 0
+
+# here we only run pkey_encrypt becasuse it is the fastest interface
+function bench_pub() {
+       keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub
+}
+
+# do bench_pub in loop to obtain the memory leak
+for (( i = 0; i < ${LOOP_TIMES}; ++i )); do
+       bench_pub
+done
+
+Signed-off-by: lei he <helei.sig11@bytedance.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Gonglei <arei.gonglei@huawei.com>
+Message-Id: <20220919075158.3625-1-helei.sig11@bytedance.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/virtio/virtio_crypto_akcipher_algs.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
++++ b/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c
+@@ -56,6 +56,10 @@ static void virtio_crypto_akcipher_final
+       struct virtio_crypto_akcipher_request *vc_akcipher_req,
+       struct akcipher_request *req, int err)
+ {
++      kfree(vc_akcipher_req->src_buf);
++      kfree(vc_akcipher_req->dst_buf);
++      vc_akcipher_req->src_buf = NULL;
++      vc_akcipher_req->dst_buf = NULL;
+       virtcrypto_clear_request(&vc_akcipher_req->base);
+       crypto_finalize_akcipher_request(vc_akcipher_req->base.dataq->engine, req, err);