From b99553aed49eda64a80c161759b09a00f3664127 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sat, 26 Jun 2021 14:32:20 -0400 Subject: [PATCH] Fixes for 4.14 Signed-off-by: Sasha Levin --- ...y-leak-in-nilfs_sysfs_delete_device_.patch | 59 +++++++++++++++++++ ...x-the-reported-number-of-gpio-lines-.patch | 56 ++++++++++++++++++ queue-4.14/series | 2 + 3 files changed, 117 insertions(+) create mode 100644 queue-4.14/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch create mode 100644 queue-4.14/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch diff --git a/queue-4.14/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch b/queue-4.14/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch new file mode 100644 index 00000000000..85537020ab3 --- /dev/null +++ b/queue-4.14/nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch @@ -0,0 +1,59 @@ +From de5198a250c1e71730c651c632a1dec4467e9151 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Jun 2021 18:39:33 -0700 +Subject: nilfs2: fix memory leak in nilfs_sysfs_delete_device_group + +From: Pavel Skripkin + +[ Upstream commit 8fd0c1b0647a6bda4067ee0cd61e8395954b6f28 ] + +My local syzbot instance hit memory leak in nilfs2. The problem was in +missing kobject_put() in nilfs_sysfs_delete_device_group(). + +kobject_del() does not call kobject_cleanup() for passed kobject and it +leads to leaking duped kobject name if kobject_put() was not called. + +Fail log: + + BUG: memory leak + unreferenced object 0xffff8880596171e0 (size 8): + comm "syz-executor379", pid 8381, jiffies 4294980258 (age 21.100s) + hex dump (first 8 bytes): + 6c 6f 6f 70 30 00 00 00 loop0... + backtrace: + kstrdup+0x36/0x70 mm/util.c:60 + kstrdup_const+0x53/0x80 mm/util.c:83 + kvasprintf_const+0x108/0x190 lib/kasprintf.c:48 + kobject_set_name_vargs+0x56/0x150 lib/kobject.c:289 + kobject_add_varg lib/kobject.c:384 [inline] + kobject_init_and_add+0xc9/0x160 lib/kobject.c:473 + nilfs_sysfs_create_device_group+0x150/0x800 fs/nilfs2/sysfs.c:999 + init_nilfs+0xe26/0x12b0 fs/nilfs2/the_nilfs.c:637 + +Link: https://lkml.kernel.org/r/20210612140559.20022-1-paskripkin@gmail.com +Fixes: da7141fb78db ("nilfs2: add /sys/fs/nilfs2/ group") +Signed-off-by: Pavel Skripkin +Acked-by: Ryusuke Konishi +Cc: Michael L. Semon +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/nilfs2/sysfs.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c +index 490303e3d517..e9903bceb2bf 100644 +--- a/fs/nilfs2/sysfs.c ++++ b/fs/nilfs2/sysfs.c +@@ -1064,6 +1064,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs) + nilfs_sysfs_delete_superblock_group(nilfs); + nilfs_sysfs_delete_segctor_group(nilfs); + kobject_del(&nilfs->ns_dev_kobj); ++ kobject_put(&nilfs->ns_dev_kobj); + kfree(nilfs->ns_dev_subgroups); + } + +-- +2.30.2 + diff --git a/queue-4.14/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch b/queue-4.14/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch new file mode 100644 index 00000000000..bcab2de28b7 --- /dev/null +++ b/queue-4.14/pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch @@ -0,0 +1,56 @@ +From 2a61ce2b6518b67a4da1e938fd51b654421754a9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Jun 2021 16:46:29 +0200 +Subject: pinctrl: stm32: fix the reported number of GPIO lines per bank + +From: Fabien Dessenne + +[ Upstream commit 67e2996f72c71ebe4ac2fcbcf77e54479bb7aa11 ] + +Each GPIO bank supports a variable number of lines which is usually 16, but +is less in some cases : this is specified by the last argument of the +"gpio-ranges" bank node property. +Report to the framework, the actual number of lines, so the libgpiod +gpioinfo command lists the actually existing GPIO lines. + +Fixes: 1dc9d289154b ("pinctrl: stm32: add possibility to use gpio-ranges to declare bank range") +Signed-off-by: Fabien Dessenne +Link: https://lore.kernel.org/r/20210617144629.2557693-1-fabien.dessenne@foss.st.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/stm32/pinctrl-stm32.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c +index 072bd11074c6..b38e82a868df 100644 +--- a/drivers/pinctrl/stm32/pinctrl-stm32.c ++++ b/drivers/pinctrl/stm32/pinctrl-stm32.c +@@ -956,7 +956,7 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, + struct resource res; + struct reset_control *rstc; + int npins = STM32_GPIO_PINS_PER_BANK; +- int bank_nr, err; ++ int bank_nr, err, i = 0; + + rstc = of_reset_control_get_exclusive(np, NULL); + if (!IS_ERR(rstc)) +@@ -985,9 +985,14 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, + + of_property_read_string(np, "st,bank-name", &bank->gpio_chip.label); + +- if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, 0, &args)) { ++ if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, i, &args)) { + bank_nr = args.args[1] / STM32_GPIO_PINS_PER_BANK; + bank->gpio_chip.base = args.args[1]; ++ ++ npins = args.args[2]; ++ while (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, ++ ++i, &args)) ++ npins += args.args[2]; + } else { + bank_nr = pctl->nbanks; + bank->gpio_chip.base = bank_nr * STM32_GPIO_PINS_PER_BANK; +-- +2.30.2 + diff --git a/queue-4.14/series b/queue-4.14/series index d3dbb4d9afe..4f345d0a093 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -82,3 +82,5 @@ sh_eth-avoid-memcpy-over-reading-of-eth_ss_stats.patch r8169-avoid-memcpy-over-reading-of-eth_ss_stats.patch net-qed-fix-memcpy-overflow-of-qed_dcbx_params.patch net-ll_temac-avoid-ndo_start_xmit-returning-netdev_t.patch +pinctrl-stm32-fix-the-reported-number-of-gpio-lines-.patch +nilfs2-fix-memory-leak-in-nilfs_sysfs_delete_device_.patch -- 2.47.2