From: Greg Kroah-Hartman
Date: Wed, 3 Sep 2014 21:35:53 +0000 (-0700)
Subject: 3.10-stable patches
X-Git-Tag: v3.10.54~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc24d7ecc9c697828c2e3665fd7577c4f9e9cc75;p=thirdparty%2Fkernel%2Fstable-queue.git
3.10-stable patches
added patches:
mei-nfc-fix-memory-leak-in-error-path.patch
mei-reset-client-state-on-queued-connect-request.patch
---
diff --git a/queue-3.10/mei-nfc-fix-memory-leak-in-error-path.patch b/queue-3.10/mei-nfc-fix-memory-leak-in-error-path.patch
new file mode 100644
index 00000000000..1870bf7c4a7
--- /dev/null
+++ b/queue-3.10/mei-nfc-fix-memory-leak-in-error-path.patch
@@ -0,0 +1,58 @@
+From 8e8248b1369c97c7bb6f8bcaee1f05deeabab8ef Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin
+Date: Tue, 12 Aug 2014 18:07:57 +0300
+Subject: mei: nfc: fix memory leak in error path
+
+From: Alexander Usyskin
+
+commit 8e8248b1369c97c7bb6f8bcaee1f05deeabab8ef upstream.
+
+NFC will leak buffer if send failed.
+Use single exit point that does the freeing
+
+Signed-off-by: Alexander Usyskin
+Signed-off-by: Tomas Winkler
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/misc/mei/nfc.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/drivers/misc/mei/nfc.c
++++ b/drivers/misc/mei/nfc.c
+@@ -342,9 +342,10 @@ static int mei_nfc_send(struct mei_cl_de
+ ndev = (struct mei_nfc_dev *) cldev->priv_data;
+ dev = ndev->cl->dev;
+
++ err = -ENOMEM;
+ mei_buf = kzalloc(length + MEI_NFC_HEADER_SIZE, GFP_KERNEL);
+ if (!mei_buf)
+- return -ENOMEM;
++ goto out;
+
+ hdr = (struct mei_nfc_hci_hdr *) mei_buf;
+ hdr->cmd = MEI_NFC_CMD_HCI_SEND;
+@@ -354,12 +355,9 @@ static int mei_nfc_send(struct mei_cl_de
+ hdr->data_size = length;
+
+ memcpy(mei_buf + MEI_NFC_HEADER_SIZE, buf, length);
+-
+ err = __mei_cl_send(ndev->cl, mei_buf, length + MEI_NFC_HEADER_SIZE);
+ if (err < 0)
+- return err;
+-
+- kfree(mei_buf);
++ goto out;
+
+ if (!wait_event_interruptible_timeout(ndev->send_wq,
+ ndev->recv_req_id == ndev->req_id, HZ)) {
+@@ -368,7 +366,8 @@ static int mei_nfc_send(struct mei_cl_de
+ } else {
+ ndev->req_id++;
+ }
+-
++out:
++ kfree(mei_buf);
+ return err;
+ }
+
diff --git a/queue-3.10/mei-reset-client-state-on-queued-connect-request.patch b/queue-3.10/mei-reset-client-state-on-queued-connect-request.patch
new file mode 100644
index 00000000000..44b744f13db
--- /dev/null
+++ b/queue-3.10/mei-reset-client-state-on-queued-connect-request.patch
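Review bot: In the mei_nfc_send() patch, the `if (!wait_event_interruptible_timeout(...))` test at the end of the second inner hunk only catches a timeout (return 0); a negative return caused by a signal falls into the `else` branch, increments `ndev->req_id`, and returns the non-negative result of `__mei_cl_send()` as if the reply had arrived. The new single exit at `out:` makes this easy to handle: keep the wait's return value in a local and add `if (ret < 0) { err = ret; goto out; }` before the timeout check. Separately, `length` feeds both `kzalloc(length + MEI_NFC_HEADER_SIZE, GFP_KERNEL)` and `hdr->data_size` with no bound visible in these hunks. The function starts outside the hunk and the timeout branch body is not shown, so a length check may already exist; if it does not, one against the width of the header field belongs before the allocation.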
@@ -0,0 +1,37 @@
+From 73ab4232388b7a08f17c8d08141ff2099fa0b161 Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin
+Date: Tue, 12 Aug 2014 18:07:56 +0300
+Subject: mei: reset client state on queued connect request
+
+From: Alexander Usyskin
+
+commit 73ab4232388b7a08f17c8d08141ff2099fa0b161 upstream.
+
+If connect request is queued (e.g. device in pg) set client state
+to initializing, thus avoid preliminary exit in wait if current
+state is disconnected.
+
+This is regression from:
+
+commit e4d8270e604c3202131bac607969605ac397b893
+Author: Alexander Usyskin
+mei: set connecting state just upon connection request is sent to the fw
+
+Signed-off-by: Alexander Usyskin
+Signed-off-by: Tomas Winkler
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/misc/mei/client.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/misc/mei/client.c
++++ b/drivers/misc/mei/client.c
+@@ -512,6 +512,7 @@ int mei_cl_connect(struct mei_cl *cl, st
+ cl->timer_count = MEI_CONNECT_TIMEOUT;
+ list_add_tail(&cb->list, &dev->ctrl_rd_list.list);
+ } else {
++ cl->state = MEI_FILE_INITIALIZING;
+ list_add_tail(&cb->list, &dev->ctrl_wr_list.list);
+ }
+
diff --git a/queue-3.10/series b/queue-3.10/series
index 359004b12eb..b7273002484 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -37,3 +37,5 @@ x86_64-vsyscall-fix-warn_bad_vsyscall-log-output.patch
 x86-efi-enforce-config_relocatable-for-efi-boot-stub.patch
 hpsa-fix-bad-enomem-return-value-in-hpsa_big_passthru_ioctl.patch
 btrfs-fix-csum-tree-corruption-duplicate-and-outdated-checksums.patch
+mei-reset-client-state-on-queued-connect-request.patch
+mei-nfc-fix-memory-leak-in-error-path.patch
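Review bot: The added `cl->state = MEI_FILE_INITIALIZING;` in the `else` (queued) branch of mei_cl_connect() carries no comment, and the reason for it is recorded only in the commit message. I would put `/* connect request is only queued; leave the disconnected state so the wait for the reply does not exit early */` above the assignment. mei_cl_connect() starts and ends outside the hunk, so whether the state is put back when the queued request later fails or times out cannot be checked from here and is worth confirming.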