From: Greg Kroah-Hartman Date: Sun, 8 Sep 2024 10:31:29 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v4.19.322~120 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=12d9fe307a28cca106690c468d251af0aac148a0;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: ata-libata-fix-memory-leak-for-error-path-in-ata_host_alloc.patch irqchip-gic-v2m-fix-refcount-leak-in-gicv2m_of_init.patch --- diff --git a/queue-5.4/ata-libata-fix-memory-leak-for-error-path-in-ata_host_alloc.patch b/queue-5.4/ata-libata-fix-memory-leak-for-error-path-in-ata_host_alloc.patch new file mode 100644 index 00000000000..a85d957a80d --- /dev/null +++ b/queue-5.4/ata-libata-fix-memory-leak-for-error-path-in-ata_host_alloc.patch @@ -0,0 +1,41 @@ +From 284b75a3d83c7631586d98f6dede1d90f128f0db Mon Sep 17 00:00:00 2001 +From: Zheng Qixing +Date: Thu, 22 Aug 2024 11:30:50 +0800 +Subject: ata: libata: Fix memory leak for error path in ata_host_alloc() + +From: Zheng Qixing + +commit 284b75a3d83c7631586d98f6dede1d90f128f0db upstream. + +In ata_host_alloc(), if devres_alloc() fails to allocate the device host +resource data pointer, the already allocated ata_host structure is not +freed before returning from the function. This results in a potential +memory leak. + +Call kfree(host) before jumping to the error handling path to ensure +that the ata_host structure is properly freed if devres_alloc() fails. + +Fixes: 2623c7a5f279 ("libata: add refcounting to ata_host") +Cc: stable@vger.kernel.org +Signed-off-by: Zheng Qixing +Reviewed-by: Yu Kuai +Signed-off-by: Damien Le Moal +Signed-off-by: Greg Kroah-Hartman +--- + drivers/ata/libata-core.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -6203,8 +6203,10 @@ struct ata_host *ata_host_alloc(struct d + } + + dr = devres_alloc(ata_devres_release, 0, GFP_KERNEL); +- if (!dr) ++ if (!dr) { ++ kfree(host); + goto err_out; ++ } + + devres_add(dev, dr); + dev_set_drvdata(dev, host); diff --git a/queue-5.4/irqchip-gic-v2m-fix-refcount-leak-in-gicv2m_of_init.patch b/queue-5.4/irqchip-gic-v2m-fix-refcount-leak-in-gicv2m_of_init.patch new file mode 100644 index 00000000000..a8a49641b45 --- /dev/null +++ b/queue-5.4/irqchip-gic-v2m-fix-refcount-leak-in-gicv2m_of_init.patch @@ -0,0 +1,44 @@ +From c5af2c90ba5629f0424a8d315f75fb8d91713c3c Mon Sep 17 00:00:00 2001 +From: Ma Ke +Date: Tue, 20 Aug 2024 17:28:43 +0800 +Subject: irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() + +From: Ma Ke + +commit c5af2c90ba5629f0424a8d315f75fb8d91713c3c upstream. + +gicv2m_of_init() fails to perform an of_node_put() when +of_address_to_resource() fails, leading to a refcount leak. + +Address this by moving the error handling path outside of the loop and +making it common to all failure modes. + +Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") +Signed-off-by: Ma Ke +Signed-off-by: Thomas Gleixner +Reviewed-by: Marc Zyngier +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/all/20240820092843.1219933-1-make24@iscas.ac.cn +Signed-off-by: Greg Kroah-Hartman +--- + drivers/irqchip/irq-gic-v2m.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/irqchip/irq-gic-v2m.c ++++ b/drivers/irqchip/irq-gic-v2m.c +@@ -441,12 +441,12 @@ static int __init gicv2m_of_init(struct + + ret = gicv2m_init_one(&child->fwnode, spi_start, nr_spis, + &res, 0); +- if (ret) { +- of_node_put(child); ++ if (ret) + break; +- } + } + ++ if (ret && child) ++ of_node_put(child); + if (!ret) + ret = gicv2m_allocate_domains(parent); + if (ret) diff --git a/queue-5.4/series b/queue-5.4/series index 193ce3277b0..a31e1518358 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -26,3 +26,5 @@ i2c-use-is_reachable-for-substituting-empty-acpi-functions.patch sch-netem-fix-use-after-free-in-netem_dequeue.patch asoc-dapm-fix-uaf-for-snd_soc_pcm_runtime-object.patch alsa-hda-conexant-add-pincfg-quirk-to-enable-top-speakers-on-sirius-devices.patch +ata-libata-fix-memory-leak-for-error-path-in-ata_host_alloc.patch +irqchip-gic-v2m-fix-refcount-leak-in-gicv2m_of_init.patch