From: Sasha Levin <sashal@kernel.org>
Date: Sat, 1 Aug 2020 01:07:03 +0000 (-0400)
Subject: Fixes for 5.4
X-Git-Tag: v5.7.13~75
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=996b1d8e7aef8bc9fa50584744b5dd9cebb31d24;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-5.4/crypto-ccp-release-all-allocated-memory-if-sha-type-.patch b/queue-5.4/crypto-ccp-release-all-allocated-memory-if-sha-type-.patch
new file mode 100644
index 00000000000..0a7cd23fc53
--- /dev/null
+++ b/queue-5.4/crypto-ccp-release-all-allocated-memory-if-sha-type-.patch
@@ -0,0 +1,41 @@
+From aee8dab976b706d15bf6f112b1c97858dce4c16a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 19 Sep 2019 11:04:48 -0500
+Subject: crypto: ccp - Release all allocated memory if sha type is invalid
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit 128c66429247add5128c03dc1e144ca56f05a4e2 ]
+
+Release all allocated memory if sha type is invalid:
+In ccp_run_sha_cmd, if the type of sha is invalid, the allocated
+hmac_buf should be released.
+
+v2: fix the goto.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Acked-by: Gary R Hook <gary.hook@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/crypto/ccp/ccp-ops.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
+index c8da8eb160da0..422193690fd47 100644
+--- a/drivers/crypto/ccp/ccp-ops.c
++++ b/drivers/crypto/ccp/ccp-ops.c
+@@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
+ 			       LSB_ITEM_SIZE);
+ 			break;
+ 		default:
++			kfree(hmac_buf);
+ 			ret = -EINVAL;
+-			goto e_ctx;
++			goto e_data;
+ 		}
+ 
+ 		memset(&hmac_cmd, 0, sizeof(hmac_cmd));
+-- 
+2.25.1
+
diff --git a/queue-5.4/media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch b/queue-5.4/media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch
new file mode 100644
index 00000000000..00037b2edab
--- /dev/null
+++ b/queue-5.4/media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch
@@ -0,0 +1,40 @@
+From fba77c08b0801d1c0166fbd8fb9d3c3c20f80494 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 25 Sep 2019 12:02:41 -0300
+Subject: media: rc: prevent memory leak in cx23888_ir_probe
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit a7b2df76b42bdd026e3106cf2ba97db41345a177 ]
+
+In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state
+should be released.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Sean Young <sean@mess.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/pci/cx23885/cx23888-ir.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
+index e880afe37f151..d59ca3601785e 100644
+--- a/drivers/media/pci/cx23885/cx23888-ir.c
++++ b/drivers/media/pci/cx23885/cx23888-ir.c
+@@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
+ 		return -ENOMEM;
+ 
+ 	spin_lock_init(&state->rx_kfifo_lock);
+-	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
++	if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
++			GFP_KERNEL)) {
++		kfree(state);
+ 		return -ENOMEM;
++	}
+ 
+ 	state->dev = dev;
+ 	sd = &state->sd;
+-- 
+2.25.1
+
diff --git a/queue-5.4/series b/queue-5.4/series
new file mode 100644
index 00000000000..20481b2f792
--- /dev/null
+++ b/queue-5.4/series
@@ -0,0 +1,3 @@
+crypto-ccp-release-all-allocated-memory-if-sha-type-.patch
+media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch
+sunrpc-check-that-domain-table-is-empty-at-module-un.patch
diff --git a/queue-5.4/sunrpc-check-that-domain-table-is-empty-at-module-un.patch b/queue-5.4/sunrpc-check-that-domain-table-is-empty-at-module-un.patch
new file mode 100644
index 00000000000..2d6336d993c
--- /dev/null
+++ b/queue-5.4/sunrpc-check-that-domain-table-is-empty-at-module-un.patch
@@ -0,0 +1,95 @@
+From 9b449c12b3a9f749f7d8aaadffe25a817603fd63 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 30 Jul 2020 18:55:53 -0400
+Subject: sunrpc: check that domain table is empty at module unload.
+
+[ Upstream commit f45db2b909c7e76f35850e78f017221f30282b8e ]
+
+The domain table should be empty at module unload.  If it isn't there is
+a bug somewhere.  So check and report.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/sunrpc/sunrpc.h      |  1 +
+ net/sunrpc/sunrpc_syms.c |  2 ++
+ net/sunrpc/svcauth.c     | 27 +++++++++++++++++++++++++++
+ 3 files changed, 30 insertions(+)
+
+diff --git a/net/sunrpc/sunrpc.h b/net/sunrpc/sunrpc.h
+index c9bacb3c930fa..82035fa65b8f9 100644
+--- a/net/sunrpc/sunrpc.h
++++ b/net/sunrpc/sunrpc.h
+@@ -56,4 +56,5 @@ int svc_send_common(struct socket *sock, struct xdr_buf *xdr,
+ 
+ int rpc_clients_notifier_register(void);
+ void rpc_clients_notifier_unregister(void);
++void auth_domain_cleanup(void);
+ #endif /* _NET_SUNRPC_SUNRPC_H */
+diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
+index f9edaa9174a43..236fadc4a4399 100644
+--- a/net/sunrpc/sunrpc_syms.c
++++ b/net/sunrpc/sunrpc_syms.c
+@@ -23,6 +23,7 @@
+ #include <linux/sunrpc/rpc_pipe_fs.h>
+ #include <linux/sunrpc/xprtsock.h>
+ 
++#include "sunrpc.h"
+ #include "netns.h"
+ 
+ unsigned int sunrpc_net_id;
+@@ -131,6 +132,7 @@ cleanup_sunrpc(void)
+ 	unregister_rpc_pipefs();
+ 	rpc_destroy_mempool();
+ 	unregister_pernet_subsys(&sunrpc_net_ops);
++	auth_domain_cleanup();
+ #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
+ 	rpc_unregister_sysctl();
+ #endif
+diff --git a/net/sunrpc/svcauth.c b/net/sunrpc/svcauth.c
+index 550b214cb0015..998b196b61767 100644
+--- a/net/sunrpc/svcauth.c
++++ b/net/sunrpc/svcauth.c
+@@ -19,6 +19,10 @@
+ #include <linux/err.h>
+ #include <linux/hash.h>
+ 
++#include <trace/events/sunrpc.h>
++
++#include "sunrpc.h"
++
+ #define RPCDBG_FACILITY	RPCDBG_AUTH
+ 
+ 
+@@ -203,3 +207,26 @@ struct auth_domain *auth_domain_find(char *name)
+ 	return NULL;
+ }
+ EXPORT_SYMBOL_GPL(auth_domain_find);
++
++/**
++ * auth_domain_cleanup - check that the auth_domain table is empty
++ *
++ * On module unload the auth_domain_table must be empty.  To make it
++ * easier to catch bugs which don't clean up domains properly, we
++ * warn if anything remains in the table at cleanup time.
++ *
++ * Note that we cannot proactively remove the domains at this stage.
++ * The ->release() function might be in a module that has already been
++ * unloaded.
++ */
++
++void auth_domain_cleanup(void)
++{
++	int h;
++	struct auth_domain *hp;
++
++	for (h = 0; h < DN_HASHMAX; h++)
++		hlist_for_each_entry(hp, &auth_domain_table[h], hash)
++			pr_warn("svc: domain %s still present at module unload.\n",
++				hp->name);
++}
+-- 
+2.25.1
+