This is a note to let you know that I've just added the patch titled gpio: cdev: check for NULL labels when sanitizing them for irqs to the 6.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: gpio-cdev-check-for-null-labels-when-sanitizing-them-for-irqs.patch and it can be found in the queue-6.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From b3b95964590a3d756d69ea8604c856de805479ad Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> Date: Thu, 4 Apr 2024 11:33:27 +0200 Subject: gpio: cdev: check for NULL labels when sanitizing them for irqs From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> commit b3b95964590a3d756d69ea8604c856de805479ad upstream. We need to take into account that a line's consumer label may be NULL and not try to kstrdup() it in that case but rather pass the NULL pointer up the stack to the interrupt request function. To that end: let make_irq_label() return NULL as a valid return value and use ERR_PTR() instead to signal an allocation failure to callers. Cc: stable@xxxxxxxxxxxxxxx Fixes: b34490879baa ("gpio: cdev: sanitize the label before requesting the interrupt") Reported-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx> Closes: https://lore.kernel.org/lkml/20240402093534.212283-1-naresh.kamboju@xxxxxxxxxx/ Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> Tested-by: Anders Roxell <anders.roxell@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpio/gpiolib-cdev.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) --- a/drivers/gpio/gpiolib-cdev.c +++ b/drivers/gpio/gpiolib-cdev.c @@ -1091,7 +1091,16 @@ static u32 gpio_v2_line_config_debounce_ static inline char *make_irq_label(const char *orig) { - return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); + char *new; + + if (!orig) + return NULL; + + new = kstrdup_and_replace(orig, '/', ':', GFP_KERNEL); + if (!new) + return ERR_PTR(-ENOMEM); + + return new; } static inline void free_irq_label(const char *label) @@ -1164,8 +1173,8 @@ static int edge_detector_setup(struct li irqflags |= IRQF_ONESHOT; label = make_irq_label(line->req->label); - if (!label) - return -ENOMEM; + if (IS_ERR(label)) + return PTR_ERR(label); /* Request a thread to read the events */ ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread, @@ -2223,8 +2232,8 @@ static int lineevent_create(struct gpio_ goto out_free_le; label = make_irq_label(le->label); - if (!label) { - ret = -ENOMEM; + if (IS_ERR(label)) { + ret = PTR_ERR(label); goto out_free_le; } Patches currently in stable-queue which might be from bartosz.golaszewski@xxxxxxxxxx are queue-6.8/gpio-cdev-fix-missed-label-sanitizing-in-debounce_setup.patch queue-6.8/gpiolib-fix-debug-messaging-in-gpiod_find_and_reques.patch queue-6.8/gpio-cdev-check-for-null-labels-when-sanitizing-them-for-irqs.patch queue-6.8/gpio-cdev-sanitize-the-label-before-requesting-the-interrupt.patch