From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 16 Sep 2020 17:25:05 +0000 (+0200)
Subject: drop firmware_loader-fix-memory-leak-for-paged-buffer.patch from 5.4 and 5.8
X-Git-Tag: v4.19.146~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5937b8eba1d0e6928d033341eb3cc411a99489cf;p=thirdparty%2Fkernel%2Fstable-queue.git

drop firmware_loader-fix-memory-leak-for-paged-buffer.patch from 5.4 and 5.8

Shuah reports problems with this in 5.8.y
---

diff --git a/queue-5.4/firmware_loader-fix-memory-leak-for-paged-buffer.patch b/queue-5.4/firmware_loader-fix-memory-leak-for-paged-buffer.patch
deleted file mode 100644
index 2738dc1b227..00000000000
--- a/queue-5.4/firmware_loader-fix-memory-leak-for-paged-buffer.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 4965b8cd1bc1ffb017e5c58e622da82b55e49414 Mon Sep 17 00:00:00 2001
-From: Prateek Sood <prsood@codeaurora.org>
-Date: Fri, 21 Aug 2020 02:27:50 +0530
-Subject: firmware_loader: fix memory leak for paged buffer
-
-From: Prateek Sood <prsood@codeaurora.org>
-
-commit 4965b8cd1bc1ffb017e5c58e622da82b55e49414 upstream.
-
-vfree() is being called on paged buffer allocated
-using alloc_page() and mapped using vmap().
-
-Freeing of pages in vfree() relies on nr_pages of
-struct vm_struct. vmap() does not update nr_pages.
-It can lead to memory leaks.
-
-Fixes: ddaf29fd9bb6 ("firmware: Free temporary page table after vmapping")
-Signed-off-by: Prateek Sood <prsood@codeaurora.org>
-Reviewed-by: Takashi Iwai <tiwai@suse.de>
-Cc: stable@vger.kernel.org
-Link: https://lore.kernel.org/r/1597957070-27185-1-git-send-email-prsood@codeaurora.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/base/firmware_loader/firmware.h |    2 ++
- drivers/base/firmware_loader/main.c     |   17 +++++++++++------
- 2 files changed, 13 insertions(+), 6 deletions(-)
-
---- a/drivers/base/firmware_loader/firmware.h
-+++ b/drivers/base/firmware_loader/firmware.h
-@@ -139,10 +139,12 @@ int assign_fw(struct firmware *fw, struc
- void fw_free_paged_buf(struct fw_priv *fw_priv);
- int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed);
- int fw_map_paged_buf(struct fw_priv *fw_priv);
-+bool fw_is_paged_buf(struct fw_priv *fw_priv);
- #else
- static inline void fw_free_paged_buf(struct fw_priv *fw_priv) {}
- static inline int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed) { return -ENXIO; }
- static inline int fw_map_paged_buf(struct fw_priv *fw_priv) { return -ENXIO; }
-+static inline bool fw_is_paged_buf(struct fw_priv *fw_priv) { return false; }
- #endif
- 
- #endif /* __FIRMWARE_LOADER_H */
---- a/drivers/base/firmware_loader/main.c
-+++ b/drivers/base/firmware_loader/main.c
-@@ -252,9 +252,11 @@ static void __free_fw_priv(struct kref *
- 	list_del(&fw_priv->list);
- 	spin_unlock(&fwc->lock);
- 
--	fw_free_paged_buf(fw_priv); /* free leftover pages */
--	if (!fw_priv->allocated_size)
-+	if (fw_is_paged_buf(fw_priv))
-+		fw_free_paged_buf(fw_priv);
-+	else if (!fw_priv->allocated_size)
- 		vfree(fw_priv->data);
-+
- 	kfree_const(fw_priv->fw_name);
- 	kfree(fw_priv);
- }
-@@ -268,6 +270,11 @@ static void free_fw_priv(struct fw_priv
- }
- 
- #ifdef CONFIG_FW_LOADER_PAGED_BUF
-+bool fw_is_paged_buf(struct fw_priv *fw_priv)
-+{
-+	return fw_priv->is_paged_buf;
-+}
-+
- void fw_free_paged_buf(struct fw_priv *fw_priv)
- {
- 	int i;
-@@ -275,6 +282,8 @@ void fw_free_paged_buf(struct fw_priv *f
- 	if (!fw_priv->pages)
- 		return;
- 
-+	vunmap(fw_priv->data);
-+
- 	for (i = 0; i < fw_priv->nr_pages; i++)
- 		__free_page(fw_priv->pages[i]);
- 	kvfree(fw_priv->pages);
-@@ -328,10 +337,6 @@ int fw_map_paged_buf(struct fw_priv *fw_
- 	if (!fw_priv->data)
- 		return -ENOMEM;
- 
--	/* page table is no longer needed after mapping, let's free */
--	kvfree(fw_priv->pages);
--	fw_priv->pages = NULL;
--
- 	return 0;
- }
- #endif
diff --git a/queue-5.4/series b/queue-5.4/series
index d090876a34c..e33bd8acd62 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -91,7 +91,6 @@ staging-wlan-ng-fix-out-of-bounds-read-in-prism2sta_probe_usb.patch
 btrfs-require-only-sector-size-alignment-for-parent-eb-bytenr.patch
 btrfs-fix-lockdep-splat-in-add_missing_dev.patch
 btrfs-fix-wrong-address-when-faulting-in-pages-in-the-search-ioctl.patch
-firmware_loader-fix-memory-leak-for-paged-buffer.patch
 kobject-restore-old-behaviour-of-kobject_del-null.patch
 regulator-push-allocation-in-regulator_init_coupling-outside-of-lock.patch
 regulator-push-allocations-in-create_regulator-outside-of-lock.patch
diff --git a/queue-5.8/firmware_loader-fix-memory-leak-for-paged-buffer.patch b/queue-5.8/firmware_loader-fix-memory-leak-for-paged-buffer.patch
deleted file mode 100644
index 82ae3501bfc..00000000000
--- a/queue-5.8/firmware_loader-fix-memory-leak-for-paged-buffer.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 4965b8cd1bc1ffb017e5c58e622da82b55e49414 Mon Sep 17 00:00:00 2001
-From: Prateek Sood <prsood@codeaurora.org>
-Date: Fri, 21 Aug 2020 02:27:50 +0530
-Subject: firmware_loader: fix memory leak for paged buffer
-
-From: Prateek Sood <prsood@codeaurora.org>
-
-commit 4965b8cd1bc1ffb017e5c58e622da82b55e49414 upstream.
-
-vfree() is being called on paged buffer allocated
-using alloc_page() and mapped using vmap().
-
-Freeing of pages in vfree() relies on nr_pages of
-struct vm_struct. vmap() does not update nr_pages.
-It can lead to memory leaks.
-
-Fixes: ddaf29fd9bb6 ("firmware: Free temporary page table after vmapping")
-Signed-off-by: Prateek Sood <prsood@codeaurora.org>
-Reviewed-by: Takashi Iwai <tiwai@suse.de>
-Cc: stable@vger.kernel.org
-Link: https://lore.kernel.org/r/1597957070-27185-1-git-send-email-prsood@codeaurora.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/base/firmware_loader/firmware.h |    2 ++
- drivers/base/firmware_loader/main.c     |   17 +++++++++++------
- 2 files changed, 13 insertions(+), 6 deletions(-)
-
---- a/drivers/base/firmware_loader/firmware.h
-+++ b/drivers/base/firmware_loader/firmware.h
-@@ -142,10 +142,12 @@ int assign_fw(struct firmware *fw, struc
- void fw_free_paged_buf(struct fw_priv *fw_priv);
- int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed);
- int fw_map_paged_buf(struct fw_priv *fw_priv);
-+bool fw_is_paged_buf(struct fw_priv *fw_priv);
- #else
- static inline void fw_free_paged_buf(struct fw_priv *fw_priv) {}
- static inline int fw_grow_paged_buf(struct fw_priv *fw_priv, int pages_needed) { return -ENXIO; }
- static inline int fw_map_paged_buf(struct fw_priv *fw_priv) { return -ENXIO; }
-+static inline bool fw_is_paged_buf(struct fw_priv *fw_priv) { return false; }
- #endif
- 
- #endif /* __FIRMWARE_LOADER_H */
---- a/drivers/base/firmware_loader/main.c
-+++ b/drivers/base/firmware_loader/main.c
-@@ -252,9 +252,11 @@ static void __free_fw_priv(struct kref *
- 	list_del(&fw_priv->list);
- 	spin_unlock(&fwc->lock);
- 
--	fw_free_paged_buf(fw_priv); /* free leftover pages */
--	if (!fw_priv->allocated_size)
-+	if (fw_is_paged_buf(fw_priv))
-+		fw_free_paged_buf(fw_priv);
-+	else if (!fw_priv->allocated_size)
- 		vfree(fw_priv->data);
-+
- 	kfree_const(fw_priv->fw_name);
- 	kfree(fw_priv);
- }
-@@ -268,6 +270,11 @@ static void free_fw_priv(struct fw_priv
- }
- 
- #ifdef CONFIG_FW_LOADER_PAGED_BUF
-+bool fw_is_paged_buf(struct fw_priv *fw_priv)
-+{
-+	return fw_priv->is_paged_buf;
-+}
-+
- void fw_free_paged_buf(struct fw_priv *fw_priv)
- {
- 	int i;
-@@ -275,6 +282,8 @@ void fw_free_paged_buf(struct fw_priv *f
- 	if (!fw_priv->pages)
- 		return;
- 
-+	vunmap(fw_priv->data);
-+
- 	for (i = 0; i < fw_priv->nr_pages; i++)
- 		__free_page(fw_priv->pages[i]);
- 	kvfree(fw_priv->pages);
-@@ -328,10 +337,6 @@ int fw_map_paged_buf(struct fw_priv *fw_
- 	if (!fw_priv->data)
- 		return -ENOMEM;
- 
--	/* page table is no longer needed after mapping, let's free */
--	kvfree(fw_priv->pages);
--	fw_priv->pages = NULL;
--
- 	return 0;
- }
- #endif
diff --git a/queue-5.8/series b/queue-5.8/series
index d702791335f..ed2f1745de1 100644
--- a/queue-5.8/series
+++ b/queue-5.8/series
@@ -127,7 +127,6 @@ btrfs-require-only-sector-size-alignment-for-parent-eb-bytenr.patch
 btrfs-fix-lockdep-splat-in-add_missing_dev.patch
 btrfs-free-data-reloc-tree-on-failed-mount.patch
 btrfs-fix-wrong-address-when-faulting-in-pages-in-the-search-ioctl.patch
-firmware_loader-fix-memory-leak-for-paged-buffer.patch
 thunderbolt-disable-ports-that-are-not-implemented.patch
 kobject-restore-old-behaviour-of-kobject_del-null.patch
 regulator-push-allocation-in-regulator_init_coupling-outside-of-lock.patch