From 4fd1fbeb8733e431be47fd0f366bfa6ecfa3ee86 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 2 Dec 2024 12:19:13 +0100 Subject: [PATCH] 5.10-stable patches added patches: usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch --- queue-5.10/series | 2 + ...lance-of-sehci-clk-handling-routines.patch | 50 +++++++++++++++ ...roperly-released-in-xenbus_dev_probe.patch | 62 +++++++++++++++++++ 3 files changed, 114 insertions(+) create mode 100644 queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch create mode 100644 queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch diff --git a/queue-5.10/series b/queue-5.10/series index c9d7e1e1b3e..f7da498aca6 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -231,3 +231,5 @@ staging-greybus-uart-fix-atomicity-violation-in-get_.patch alsa-hda-realtek-add-type-for-alc287.patch alsa-hda-realtek-update-alc256-depop-procedure.patch apparmor-fix-do-simple-duplicate-message-elimination.patch +xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch +usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch diff --git a/queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch b/queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch new file mode 100644 index 00000000000..41bd46ec0b5 --- /dev/null +++ b/queue-5.10/usb-ehci-spear-fix-call-balance-of-sehci-clk-handling-routines.patch @@ -0,0 +1,50 @@ +From 40c974826734836402abfd44efbf04f63a2cc1c1 Mon Sep 17 00:00:00 2001 +From: Vitalii Mordan +Date: Fri, 15 Nov 2024 02:03:10 +0300 +Subject: usb: ehci-spear: fix call balance of sehci clk handling routines + +From: Vitalii Mordan + +commit 40c974826734836402abfd44efbf04f63a2cc1c1 upstream. + +If the clock sehci->clk was not enabled in spear_ehci_hcd_drv_probe, +it should not be disabled in any path. + +Conversely, if it was enabled in spear_ehci_hcd_drv_probe, it must be disabled +in all error paths to ensure proper cleanup. + +Found by Linux Verification Center (linuxtesting.org) with Klever. + +Fixes: 7675d6ba436f ("USB: EHCI: make ehci-spear a separate driver") +Cc: stable@vger.kernel.org +Signed-off-by: Vitalii Mordan +Acked-by: Alan Stern +Link: https://lore.kernel.org/r/20241114230310.432213-1-mordan@ispras.ru +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/host/ehci-spear.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/usb/host/ehci-spear.c ++++ b/drivers/usb/host/ehci-spear.c +@@ -108,7 +108,9 @@ static int spear_ehci_hcd_drv_probe(stru + /* registers start at offset 0x0 */ + hcd_to_ehci(hcd)->caps = hcd->regs; + +- clk_prepare_enable(sehci->clk); ++ retval = clk_prepare_enable(sehci->clk); ++ if (retval) ++ goto err_put_hcd; + retval = usb_add_hcd(hcd, irq, IRQF_SHARED); + if (retval) + goto err_stop_ehci; +@@ -133,8 +135,7 @@ static int spear_ehci_hcd_drv_remove(str + + usb_remove_hcd(hcd); + +- if (sehci->clk) +- clk_disable_unprepare(sehci->clk); ++ clk_disable_unprepare(sehci->clk); + usb_put_hcd(hcd); + + return 0; diff --git a/queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch b/queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch new file mode 100644 index 00000000000..b856cbb7b8f --- /dev/null +++ b/queue-5.10/xen-fix-the-issue-of-resource-not-being-properly-released-in-xenbus_dev_probe.patch @@ -0,0 +1,62 @@ +From afc545da381ba0c651b2658966ac737032676f01 Mon Sep 17 00:00:00 2001 +From: Qiu-ji Chen +Date: Tue, 5 Nov 2024 21:09:19 +0800 +Subject: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() + +From: Qiu-ji Chen + +commit afc545da381ba0c651b2658966ac737032676f01 upstream. + +This patch fixes an issue in the function xenbus_dev_probe(). In the +xenbus_dev_probe() function, within the if (err) branch at line 313, the +program incorrectly returns err directly without releasing the resources +allocated by err = drv->probe(dev, id). As the return value is non-zero, +the upper layers assume the processing logic has failed. However, the probe +operation was performed earlier without a corresponding remove operation. +Since the probe actually allocates resources, failing to perform the remove +operation could lead to problems. + +To fix this issue, we followed the resource release logic of the +xenbus_dev_remove() function by adding a new block fail_remove before the +fail_put block. After entering the branch if (err) at line 313, the +function will use a goto statement to jump to the fail_remove block, +ensuring that the previously acquired resources are correctly released, +thus preventing the reference count leak. + +This bug was identified by an experimental static analysis tool developed +by our team. The tool specializes in analyzing reference count operations +and detecting potential issues where resources are not properly managed. +In this case, the tool flagged the missing release operation as a +potential problem, which led to the development of this patch. + +Fixes: 4bac07c993d0 ("xen: add the Xenbus sysfs and virtual device hotplug driver") +Cc: stable@vger.kernel.org +Signed-off-by: Qiu-ji Chen +Reviewed-by: Juergen Gross +Message-ID: <20241105130919.4621-1-chenqiuji666@gmail.com> +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + drivers/xen/xenbus/xenbus_probe.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/xen/xenbus/xenbus_probe.c ++++ b/drivers/xen/xenbus/xenbus_probe.c +@@ -250,10 +250,16 @@ int xenbus_dev_probe(struct device *_dev + if (err) { + dev_warn(&dev->dev, "watch_otherend on %s failed.\n", + dev->nodename); +- return err; ++ goto fail_remove; + } + + return 0; ++fail_remove: ++ if (drv->remove) { ++ down(&dev->reclaim_sem); ++ drv->remove(dev); ++ up(&dev->reclaim_sem); ++ } + fail_put: + module_put(drv->driver.owner); + fail: -- 2.47.3