5.10-stable patches

added patches:
	usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch
	xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch

diff --git a/queue-5.10/series b/queue-5.10/series
index c9d7e1e1b3e926714d6110f8b23a5243a93102fa..f7da498aca6473ba404b33f87883009500ceaa89 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -231,3 +231,5 @@ staging-greybus-uart-fix-atomicity-violation-in-get_.patch
 alsa-hda-realtek-add-type-for-alc287.patch
 alsa-hda-realtek-update-alc256-depop-procedure.patch
 apparmor-fix-do-simple-duplicate-message-elimination.patch
+xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch
+usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch

diff --git a/queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch b/queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch
new file mode 100644 (file)
index 0000000..41bd46e
--- /dev/null
+++ b/queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch
@@ -0,0 +1,50 @@
+From 40c974826734836402abfd44efbf04f63a2cc1c1 Mon Sep 17 00:00:00 2001
+From: Vitalii Mordan <mordan@ispras.ru>
+Date: Fri, 15 Nov 2024 02:03:10 +0300
+Subject: usb: ehci-spear: fix call balance of sehci clk handling routines
+
+From: Vitalii Mordan <mordan@ispras.ru>
+
+commit 40c974826734836402abfd44efbf04f63a2cc1c1 upstream.
+
+If the clock sehci->clk was not enabled in spear_ehci_hcd_drv_probe,
+it should not be disabled in any path.
+
+Conversely, if it was enabled in spear_ehci_hcd_drv_probe, it must be disabled
+in all error paths to ensure proper cleanup.
+
+Found by Linux Verification Center (linuxtesting.org) with Klever.
+
+Fixes: 7675d6ba436f ("USB: EHCI: make ehci-spear a separate driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+Link: https://lore.kernel.org/r/20241114230310.432213-1-mordan@ispras.ru
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/host/ehci-spear.c |    7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/host/ehci-spear.c
++++ b/drivers/usb/host/ehci-spear.c
+@@ -108,7 +108,9 @@ static int spear_ehci_hcd_drv_probe(stru
+       /* registers start at offset 0x0 */
+       hcd_to_ehci(hcd)->caps = hcd->regs;
+ 
+-      clk_prepare_enable(sehci->clk);
++      retval = clk_prepare_enable(sehci->clk);
++      if (retval)
++              goto err_put_hcd;
+       retval = usb_add_hcd(hcd, irq, IRQF_SHARED);
+       if (retval)
+               goto err_stop_ehci;
+@@ -133,8 +135,7 @@ static int spear_ehci_hcd_drv_remove(str
+ 
+       usb_remove_hcd(hcd);
+ 
+-      if (sehci->clk)
+-              clk_disable_unprepare(sehci->clk);
++      clk_disable_unprepare(sehci->clk);
+       usb_put_hcd(hcd);
+ 
+       return 0;

diff --git a/queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch b/queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch
new file mode 100644 (file)
index 0000000..b856cbb
--- /dev/null
+++ b/queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch
@@ -0,0 +1,62 @@
+From afc545da381ba0c651b2658966ac737032676f01 Mon Sep 17 00:00:00 2001
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+Date: Tue, 5 Nov 2024 21:09:19 +0800
+Subject: xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
+
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+
+commit afc545da381ba0c651b2658966ac737032676f01 upstream.
+
+This patch fixes an issue in the function xenbus_dev_probe(). In the
+xenbus_dev_probe() function, within the if (err) branch at line 313, the
+program incorrectly returns err directly without releasing the resources
+allocated by err = drv->probe(dev, id). As the return value is non-zero,
+the upper layers assume the processing logic has failed. However, the probe
+operation was performed earlier without a corresponding remove operation.
+Since the probe actually allocates resources, failing to perform the remove
+operation could lead to problems.
+
+To fix this issue, we followed the resource release logic of the
+xenbus_dev_remove() function by adding a new block fail_remove before the
+fail_put block. After entering the branch if (err) at line 313, the
+function will use a goto statement to jump to the fail_remove block,
+ensuring that the previously acquired resources are correctly released,
+thus preventing the reference count leak.
+
+This bug was identified by an experimental static analysis tool developed
+by our team. The tool specializes in analyzing reference count operations
+and detecting potential issues where resources are not properly managed.
+In this case, the tool flagged the missing release operation as a
+potential problem, which led to the development of this patch.
+
+Fixes: 4bac07c993d0 ("xen: add the Xenbus sysfs and virtual device hotplug driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Message-ID: <20241105130919.4621-1-chenqiuji666@gmail.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/xen/xenbus/xenbus_probe.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/xen/xenbus/xenbus_probe.c
++++ b/drivers/xen/xenbus/xenbus_probe.c
+@@ -250,10 +250,16 @@ int xenbus_dev_probe(struct device *_dev
+       if (err) {
+               dev_warn(&dev->dev, "watch_otherend on %s failed.\n",
+                      dev->nodename);
+-              return err;
++              goto fail_remove;
+       }
+ 
+       return 0;
++fail_remove:
++      if (drv->remove) {
++              down(&dev->reclaim_sem);
++              drv->remove(dev);
++              up(&dev->reclaim_sem);
++      }
+ fail_put:
+       module_put(drv->driver.owner);
+ fail: