This is a note to let you know that I've just added the patch titled firmware: qcom: qseecom: fix memory leaks in error paths to the 6.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: firmware-qcom-qseecom-fix-memory-leaks-in-error-path.patch and it can be found in the queue-6.7 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit d8cb4498fa2fe54e593bd810711d174fb1947777 Author: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> Date: Mon Nov 27 15:15:48 2023 +0100 firmware: qcom: qseecom: fix memory leaks in error paths [ Upstream commit 6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b ] Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed. Fixes: 759e7a2b62eb ("firmware: Add support for Qualcomm UEFI Secure Application") Reported-by: kernel test robot <lkp@xxxxxxxxx> Reported-by: Dan Carpenter <error27@xxxxxxxxx> Closes: https://lore.kernel.org/r/202311270828.k4HGcjiL-lkp@xxxxxxxxx/ Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> Reviewed-by: Maximilian Luz <luzmaximilian@xxxxxxxxx> Tested-by: Deepti Jaggi <quic_djaggi@xxxxxxxxxxx> #sa8775p-ride Link: https://lore.kernel.org/r/20231127141600.20929-2-brgl@xxxxxxxx Signed-off-by: Bjorn Andersson <andersson@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c index a33acdaf7b78..32188f098ef3 100644 --- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c +++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c @@ -325,8 +325,10 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e req_data->length = req_size; status = ucs2_strscpy(((void *)req_data) + req_data->name_offset, name, name_length); - if (status < 0) - return EFI_INVALID_PARAMETER; + if (status < 0) { + efi_status = EFI_INVALID_PARAMETER; + goto out_free; + } memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size); @@ -471,8 +473,10 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e req_data->length = req_size; status = ucs2_strscpy(((void *)req_data) + req_data->name_offset, name, name_length); - if (status < 0) - return EFI_INVALID_PARAMETER; + if (status < 0) { + efi_status = EFI_INVALID_PARAMETER; + goto out_free; + } memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size); @@ -563,8 +567,10 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size); status = ucs2_strscpy(((void *)req_data) + req_data->name_offset, name, *name_size / sizeof(*name)); - if (status < 0) - return EFI_INVALID_PARAMETER; + if (status < 0) { + efi_status = EFI_INVALID_PARAMETER; + goto out_free; + } status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); if (status) { @@ -635,7 +641,7 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, * have already been validated above, causing this function to * bail with EFI_BUFFER_TOO_SMALL. */ - return EFI_DEVICE_ERROR; + efi_status = EFI_DEVICE_ERROR; } out_free: