This is a note to let you know that I've just added the patch titled
of: dynamic: Fix potential memory leak in of_changeset_action()
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
of-dynamic-fix-potential-memory-leak-in-of_changeset_action.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 55e95bfccf6db8d26a66c46e1de50d53c59a6774 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date: Fri, 8 Sep 2023 10:03:50 +0300
Subject: of: dynamic: Fix potential memory leak in of_changeset_action()
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
commit 55e95bfccf6db8d26a66c46e1de50d53c59a6774 upstream.
Smatch complains that the error path where "action" is invalid leaks
the "ce" allocation:
drivers/of/dynamic.c:935 of_changeset_action()
warn: possible memory leak of 'ce'
Fix this by doing the validation before the allocation.
Note that there is not any actual problem with upstream kernels. All
callers of of_changeset_action() are static inlines with fixed action
values.
Fixes: 914d9d831e61 ("of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock")
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Closes: https://lore.kernel.org/r/202309011059.EOdr4im9-lkp@xxxxxxxxx/
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
Link: https://lore.kernel.org/r/7dfaf999-30ad-491c-9615-fb1138db121c@moroto.mountain
Signed-off-by: Rob Herring <robh@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/of/dynamic.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/of/dynamic.c
+++ b/drivers/of/dynamic.c
@@ -893,13 +893,13 @@ int of_changeset_action(struct of_change
{
struct of_changeset_entry *ce;
+ if (WARN_ON(action >= ARRAY_SIZE(action_names)))
+ return -EINVAL;
+
ce = kzalloc(sizeof(*ce), GFP_KERNEL);
if (!ce)
return -ENOMEM;
- if (WARN_ON(action >= ARRAY_SIZE(action_names)))
- return -EINVAL;
-
/* get a reference to the node */
ce->action = action;
ce->np = of_node_get(np);
Patches currently in stable-queue which might be from dan.carpenter@xxxxxxxxxx are
queue-5.10/of-dynamic-fix-potential-memory-leak-in-of_changeset_action.patch
queue-5.10/btrfs-reset-destination-buffer-when-read_extent_buff.patch
queue-5.10/power-supply-ucs1002-fix-error-code-in-ucs1002_get_p.patch
queue-5.10/bpf-fix-tr-dereferencing.patch
queue-5.10/net-ethernet-ti-am65-cpsw-fix-error-code-in-am65_cps.patch
