From d51ed016de55d28a142dc837d83dc1d057fcb7bb Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 7 Aug 2023 11:17:18 +0200
Subject: [PATCH] 4.19-stable patches

added patches:
	test_firmware-fix-a-memory-leak-with-reqs-buffer.patch
	test_firmware-return-enomem-instead-of-enospc-on-failed-memory-allocation.patch
---
 queue-4.19/series                             |  2 +
 ...e-fix-a-memory-leak-with-reqs-buffer.patch | 67 +++++++++++++++
 ...f-enospc-on-failed-memory-allocation.patch | 86 +++++++++++++++++++
 3 files changed, 155 insertions(+)
 create mode 100644 queue-4.19/test_firmware-fix-a-memory-leak-with-reqs-buffer.patch
 create mode 100644 queue-4.19/test_firmware-return-enomem-instead-of-enospc-on-failed-memory-allocation.patch

diff --git a/queue-4.19/series b/queue-4.19/series
index 9015b40b66a..f39657449c9 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -309,3 +309,5 @@ fs-sysv-null-check-to-prevent-null-ptr-deref-bug.patch
 bluetooth-l2cap-fix-use-after-free-in-l2cap_sock_ready_cb.patch
 net-usbnet-fix-warning-in-usbnet_start_xmit-usb_submit_urb.patch
 ext2-drop-fragment-support.patch
+test_firmware-fix-a-memory-leak-with-reqs-buffer.patch
+test_firmware-return-enomem-instead-of-enospc-on-failed-memory-allocation.patch
diff --git a/queue-4.19/test_firmware-fix-a-memory-leak-with-reqs-buffer.patch b/queue-4.19/test_firmware-fix-a-memory-leak-with-reqs-buffer.patch
new file mode 100644
index 00000000000..f835fce55f9
--- /dev/null
+++ b/queue-4.19/test_firmware-fix-a-memory-leak-with-reqs-buffer.patch
@@ -0,0 +1,67 @@
+From be37bed754ed90b2655382f93f9724b3c1aae847 Mon Sep 17 00:00:00 2001
+From: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
+Date: Tue, 9 May 2023 10:47:47 +0200
+Subject: test_firmware: fix a memory leak with reqs buffer
+
+From: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
+
+commit be37bed754ed90b2655382f93f9724b3c1aae847 upstream.
+
+Dan Carpenter spotted that test_fw_config->reqs will be leaked if
+trigger_batched_requests_store() is called two or more times.
+The same appears with trigger_batched_requests_async_store().
+
+This bug wasn't trigger by the tests, but observed by Dan's visual
+inspection of the code.
+
+The recommended workaround was to return -EBUSY if test_fw_config->reqs
+is already allocated.
+
+Fixes: 7feebfa487b92 ("test_firmware: add support for request_firmware_into_buf")
+Cc: Luis Chamberlain <mcgrof@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Russ Weight <russell.h.weight@intel.com>
+Cc: Tianfei Zhang <tianfei.zhang@intel.com>
+Cc: Shuah Khan <shuah@kernel.org>
+Cc: Colin Ian King <colin.i.king@gmail.com>
+Cc: Randy Dunlap <rdunlap@infradead.org>
+Cc: linux-kselftest@vger.kernel.org
+Cc: stable@vger.kernel.org # v5.4
+Suggested-by: Dan Carpenter <error27@gmail.com>
+Suggested-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
+Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
+Acked-by: Luis Chamberlain <mcgrof@kernel.org>
+Link: https://lore.kernel.org/r/20230509084746.48259-2-mirsad.todorovac@alu.unizg.hr
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/test_firmware.c |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/lib/test_firmware.c
++++ b/lib/test_firmware.c
+@@ -618,6 +618,11 @@ static ssize_t trigger_batched_requests_
+ 
+ 	mutex_lock(&test_fw_mutex);
+ 
++	if (test_fw_config->reqs) {
++		rc = -EBUSY;
++		goto out_bail;
++	}
++
+ 	test_fw_config->reqs =
+ 		vzalloc(array3_size(sizeof(struct test_batched_req),
+ 				    test_fw_config->num_requests, 2));
+@@ -721,6 +726,11 @@ ssize_t trigger_batched_requests_async_s
+ 
+ 	mutex_lock(&test_fw_mutex);
+ 
++	if (test_fw_config->reqs) {
++		rc = -EBUSY;
++		goto out_bail;
++	}
++
+ 	test_fw_config->reqs =
+ 		vzalloc(array3_size(sizeof(struct test_batched_req),
+ 				    test_fw_config->num_requests, 2));
diff --git a/queue-4.19/test_firmware-return-enomem-instead-of-enospc-on-failed-memory-allocation.patch b/queue-4.19/test_firmware-return-enomem-instead-of-enospc-on-failed-memory-allocation.patch
new file mode 100644
index 00000000000..6f5200129ab
--- /dev/null
+++ b/queue-4.19/test_firmware-return-enomem-instead-of-enospc-on-failed-memory-allocation.patch
@@ -0,0 +1,86 @@
+From 7dae593cd226a0bca61201cf85ceb9335cf63682 Mon Sep 17 00:00:00 2001
+From: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
+Date: Tue, 6 Jun 2023 09:08:10 +0200
+Subject: test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
+
+From: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
+
+commit 7dae593cd226a0bca61201cf85ceb9335cf63682 upstream.
+
+In a couple of situations like
+
+	name = kstrndup(buf, count, GFP_KERNEL);
+	if (!name)
+		return -ENOSPC;
+
+the error is not actually "No space left on device", but "Out of memory".
+
+It is semantically correct to return -ENOMEM in all failed kstrndup()
+and kzalloc() cases in this driver, as it is not a problem with disk
+space, but with kernel memory allocator failing allocation.
+
+The semantically correct should be:
+
+        name = kstrndup(buf, count, GFP_KERNEL);
+        if (!name)
+                return -ENOMEM;
+
+Cc: Dan Carpenter <error27@gmail.com>
+Cc: Takashi Iwai <tiwai@suse.de>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: "Luis R. Rodriguez" <mcgrof@ruslug.rutgers.edu>
+Cc: Scott Branden <sbranden@broadcom.com>
+Cc: Hans de Goede <hdegoede@redhat.com>
+Cc: Brian Norris <briannorris@chromium.org>
+Fixes: c92316bf8e948 ("test_firmware: add batched firmware tests")
+Fixes: 0a8adf584759c ("test: add firmware_class loader test")
+Fixes: 548193cba2a7d ("test_firmware: add support for firmware_request_platform")
+Fixes: eb910947c82f9 ("test: firmware_class: add asynchronous request trigger")
+Fixes: 061132d2b9c95 ("test_firmware: add test custom fallback trigger")
+Fixes: 7feebfa487b92 ("test_firmware: add support for request_firmware_into_buf")
+Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
+Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
+Message-ID: <20230606070808.9300-1-mirsad.todorovac@alu.unizg.hr>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/test_firmware.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/lib/test_firmware.c
++++ b/lib/test_firmware.c
+@@ -160,7 +160,7 @@ static int __kstrncpy(char **dst, const
+ {
+ 	*dst = kstrndup(name, count, gfp);
+ 	if (!*dst)
+-		return -ENOSPC;
++		return -ENOMEM;
+ 	return count;
+ }
+ 
+@@ -456,7 +456,7 @@ static ssize_t trigger_request_store(str
+ 
+ 	name = kstrndup(buf, count, GFP_KERNEL);
+ 	if (!name)
+-		return -ENOSPC;
++		return -ENOMEM;
+ 
+ 	pr_info("loading '%s'\n", name);
+ 
+@@ -497,7 +497,7 @@ static ssize_t trigger_async_request_sto
+ 
+ 	name = kstrndup(buf, count, GFP_KERNEL);
+ 	if (!name)
+-		return -ENOSPC;
++		return -ENOMEM;
+ 
+ 	pr_info("loading '%s'\n", name);
+ 
+@@ -540,7 +540,7 @@ static ssize_t trigger_custom_fallback_s
+ 
+ 	name = kstrndup(buf, count, GFP_KERNEL);
+ 	if (!name)
+-		return -ENOSPC;
++		return -ENOMEM;
+ 
+ 	pr_info("loading '%s' using custom fallback mechanism\n", name);
+ 
-- 
2.47.3