From d2e77a38f483b7dd009c73cad7a9ef73fb80ae88 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 2 Jan 2023 12:05:17 +0100 Subject: [PATCH] 4.14-stable patches added patches: tpm-tpm_crb-add-the-missed-acpi_put_table-to-fix-memory-leak.patch tpm-tpm_tis-add-the-missed-acpi_put_table-to-fix-memory-leak.patch --- queue-4.14/series | 2 + ...ed-acpi_put_table-to-fix-memory-leak.patch | 85 +++++++++++++++++++ ...ed-acpi_put_table-to-fix-memory-leak.patch | 55 ++++++++++++ 3 files changed, 142 insertions(+) create mode 100644 queue-4.14/tpm-tpm_crb-add-the-missed-acpi_put_table-to-fix-memory-leak.patch create mode 100644 queue-4.14/tpm-tpm_tis-add-the-missed-acpi_put_table-to-fix-memory-leak.patch diff --git a/queue-4.14/series b/queue-4.14/series index 1b025ebaf4b..4fe5c2e239f 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -268,3 +268,5 @@ alsa-line6-fix-stack-overflow-in-line6_midi_transmit.patch pnode-terminate-at-peers-of-source.patch md-fix-a-crash-in-mempool_free.patch mmc-vub300-fix-warning-do-not-call-blocking-ops-when-task_running.patch +tpm-tpm_crb-add-the-missed-acpi_put_table-to-fix-memory-leak.patch +tpm-tpm_tis-add-the-missed-acpi_put_table-to-fix-memory-leak.patch diff --git a/queue-4.14/tpm-tpm_crb-add-the-missed-acpi_put_table-to-fix-memory-leak.patch b/queue-4.14/tpm-tpm_crb-add-the-missed-acpi_put_table-to-fix-memory-leak.patch new file mode 100644 index 00000000000..4832ddaf614 --- /dev/null +++ b/queue-4.14/tpm-tpm_crb-add-the-missed-acpi_put_table-to-fix-memory-leak.patch @@ -0,0 +1,85 @@ +From 37e90c374dd11cf4919c51e847c6d6ced0abc555 Mon Sep 17 00:00:00 2001 +From: Hanjun Guo +Date: Thu, 17 Nov 2022 19:23:41 +0800 +Subject: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak + +From: Hanjun Guo + +commit 37e90c374dd11cf4919c51e847c6d6ced0abc555 upstream. + +In crb_acpi_add(), we get the TPM2 table to retrieve information +like start method, and then assign them to the priv data, so the +TPM2 table is not used after the init, should be freed, call +acpi_put_table() to fix the memory leak. + +Fixes: 30fc8d138e91 ("tpm: TPM 2.0 CRB Interface") +Cc: stable@vger.kernel.org +Signed-off-by: Hanjun Guo +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/char/tpm/tpm_crb.c | 29 ++++++++++++++++++++--------- + 1 file changed, 20 insertions(+), 9 deletions(-) + +--- a/drivers/char/tpm/tpm_crb.c ++++ b/drivers/char/tpm/tpm_crb.c +@@ -613,12 +613,16 @@ static int crb_acpi_add(struct acpi_devi + + /* Should the FIFO driver handle this? */ + sm = buf->start_method; +- if (sm == ACPI_TPM2_MEMORY_MAPPED) +- return -ENODEV; ++ if (sm == ACPI_TPM2_MEMORY_MAPPED) { ++ rc = -ENODEV; ++ goto out; ++ } + + priv = devm_kzalloc(dev, sizeof(struct crb_priv), GFP_KERNEL); +- if (!priv) +- return -ENOMEM; ++ if (!priv) { ++ rc = -ENOMEM; ++ goto out; ++ } + + /* The reason for the extra quirk is that the PTT in 4th Gen Core CPUs + * report only ACPI start but in practice seems to require both +@@ -638,7 +642,8 @@ static int crb_acpi_add(struct acpi_devi + FW_BUG "TPM2 ACPI table has wrong size %u for start method type %d\n", + buf->header.length, + ACPI_TPM2_COMMAND_BUFFER_WITH_ARM_SMC); +- return -EINVAL; ++ rc = -EINVAL; ++ goto out; + } + crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf, sizeof(*buf)); + priv->smc_func_id = crb_smc->smc_func_id; +@@ -647,17 +652,23 @@ static int crb_acpi_add(struct acpi_devi + + rc = crb_map_io(device, priv, buf); + if (rc) +- return rc; ++ goto out; + + chip = tpmm_chip_alloc(dev, &tpm_crb); +- if (IS_ERR(chip)) +- return PTR_ERR(chip); ++ if (IS_ERR(chip)) { ++ rc = PTR_ERR(chip); ++ goto out; ++ } + + dev_set_drvdata(&chip->dev, priv); + chip->acpi_dev_handle = device->handle; + chip->flags = TPM_CHIP_FLAG_TPM2; + +- return tpm_chip_register(chip); ++ rc = tpm_chip_register(chip); ++ ++out: ++ acpi_put_table((struct acpi_table_header *)buf); ++ return rc; + } + + static int crb_acpi_remove(struct acpi_device *device) diff --git a/queue-4.14/tpm-tpm_tis-add-the-missed-acpi_put_table-to-fix-memory-leak.patch b/queue-4.14/tpm-tpm_tis-add-the-missed-acpi_put_table-to-fix-memory-leak.patch new file mode 100644 index 00000000000..d67347f119b --- /dev/null +++ b/queue-4.14/tpm-tpm_tis-add-the-missed-acpi_put_table-to-fix-memory-leak.patch @@ -0,0 +1,55 @@ +From db9622f762104459ff87ecdf885cc42c18053fd9 Mon Sep 17 00:00:00 2001 +From: Hanjun Guo +Date: Thu, 17 Nov 2022 19:23:42 +0800 +Subject: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak + +From: Hanjun Guo + +commit db9622f762104459ff87ecdf885cc42c18053fd9 upstream. + +In check_acpi_tpm2(), we get the TPM2 table just to make +sure the table is there, not used after the init, so the +acpi_put_table() should be added to release the ACPI memory. + +Fixes: 4cb586a188d4 ("tpm_tis: Consolidate the platform and acpi probe flow") +Cc: stable@vger.kernel.org +Signed-off-by: Hanjun Guo +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/char/tpm/tpm_tis.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/drivers/char/tpm/tpm_tis.c ++++ b/drivers/char/tpm/tpm_tis.c +@@ -105,6 +105,7 @@ static int check_acpi_tpm2(struct device + const struct acpi_device_id *aid = acpi_match_device(tpm_acpi_tbl, dev); + struct acpi_table_tpm2 *tbl; + acpi_status st; ++ int ret = 0; + + if (!aid || aid->driver_data != DEVICE_IS_TPM2) + return 0; +@@ -112,8 +113,7 @@ static int check_acpi_tpm2(struct device + /* If the ACPI TPM2 signature is matched then a global ACPI_SIG_TPM2 + * table is mandatory + */ +- st = +- acpi_get_table(ACPI_SIG_TPM2, 1, (struct acpi_table_header **)&tbl); ++ st = acpi_get_table(ACPI_SIG_TPM2, 1, (struct acpi_table_header **)&tbl); + if (ACPI_FAILURE(st) || tbl->header.length < sizeof(*tbl)) { + dev_err(dev, FW_BUG "failed to get TPM2 ACPI table\n"); + return -EINVAL; +@@ -121,9 +121,10 @@ static int check_acpi_tpm2(struct device + + /* The tpm2_crb driver handles this device */ + if (tbl->start_method != ACPI_TPM2_MEMORY_MAPPED) +- return -ENODEV; ++ ret = -ENODEV; + +- return 0; ++ acpi_put_table((struct acpi_table_header *)tbl); ++ return ret; + } + #else + static int check_acpi_tpm2(struct device *dev) -- 2.47.3