Patch "of: dynamic: Fix potential memory leak in of_changeset_action()" has been added to the 6.1-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 08 Oct 2023 07:39:15 +0200

This is a note to let you know that I've just added the patch titled

    of: dynamic: Fix potential memory leak in of_changeset_action()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     of-dynamic-fix-potential-memory-leak-in-of_changeset_action.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 55e95bfccf6db8d26a66c46e1de50d53c59a6774 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date: Fri, 8 Sep 2023 10:03:50 +0300
Subject: of: dynamic: Fix potential memory leak in of_changeset_action()

From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

commit 55e95bfccf6db8d26a66c46e1de50d53c59a6774 upstream.

Smatch complains that the error path where "action" is invalid leaks
the "ce" allocation:
    drivers/of/dynamic.c:935 of_changeset_action()
    warn: possible memory leak of 'ce'

Fix this by doing the validation before the allocation.

Note that there is not any actual problem with upstream kernels. All
callers of of_changeset_action() are static inlines with fixed action
values.

Fixes: 914d9d831e61 ("of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock")
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Closes: https://lore.kernel.org/r/202309011059.EOdr4im9-lkp@xxxxxxxxx/
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Reviewed-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
Link: https://lore.kernel.org/r/7dfaf999-30ad-491c-9615-fb1138db121c@moroto.mountain
Signed-off-by: Rob Herring <robh@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/of/dynamic.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/of/dynamic.c
+++ b/drivers/of/dynamic.c
@@ -902,13 +902,13 @@ int of_changeset_action(struct of_change
 {
 	struct of_changeset_entry *ce;
 
+	if (WARN_ON(action >= ARRAY_SIZE(action_names)))
+		return -EINVAL;
+
 	ce = kzalloc(sizeof(*ce), GFP_KERNEL);
 	if (!ce)
 		return -ENOMEM;
 
-	if (WARN_ON(action >= ARRAY_SIZE(action_names)))
-		return -EINVAL;
-
 	/* get a reference to the node */
 	ce->action = action;
 	ce->np = of_node_get(np);


Patches currently in stable-queue which might be from dan.carpenter@xxxxxxxxxx are

queue-6.1/of-dynamic-fix-potential-memory-leak-in-of_changeset_action.patch
queue-6.1/wifi-mac80211-fix-potential-key-use-after-free.patch
queue-6.1/bpf-fix-tr-dereferencing.patch
queue-6.1/net-ethernet-ti-am65-cpsw-fix-error-code-in-am65_cps.patch






