- Kernel - mailweb.openeuler.org

[PATCH OLK-5.10] EDAC/bluefield: Fix potential integer overflow
by liukai 30 Dec '24

30 Dec '24

From: David Thompson <davthompson(a)nvidia.com> stable inclusion from stable-v5.10.231 commit e0269ea7a628fdeddd65b92fe29c09655dbb80b9 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGU CVE: CVE-2024-53161 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 ] The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. Fixes: 82413e562ea6 ("EDAC, mellanox: Add ECC support for BlueField DDR4") Signed-off-by: David Thompson <davthompson(a)nvidia.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Shravan Kumar Ramani <shravankr(a)nvidia.com> Link: https://lore.kernel.org/r/20240930151056.10158-1-davthompson@nvidia.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Liu Kai <liukai284(a)huawei.com> --- drivers/edac/bluefield_edac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/edac/bluefield_edac.c b/drivers/edac/bluefield_edac.c index e4736eb37bfb..0ef048982768 100644 --- a/drivers/edac/bluefield_edac.c +++ b/drivers/edac/bluefield_edac.c @@ -180,7 +180,7 @@ static void bluefield_edac_check(struct mem_ctl_info *mci) static void bluefield_edac_init_dimms(struct mem_ctl_info *mci) { struct bluefield_edac_priv *priv = mci->pvt_info; - int mem_ctrl_idx = mci->mc_idx; + u64 mem_ctrl_idx = mci->mc_idx; struct dimm_info *dimm; u64 smc_info, smc_arg; int is_empty = 1, i; -- 2.34.1

2 1

[PATCH OLK-6.6] EDAC/bluefield: Fix potential integer overflow
by liukai 30 Dec '24

30 Dec '24

From: David Thompson <davthompson(a)nvidia.com> stable inclusion from stable-v6.6.64 commit ac6ebb9edcdb7077e841862c402697c4c48a7c0a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGU CVE: CVE-2024-53161 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 ] The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. Fixes: 82413e562ea6 ("EDAC, mellanox: Add ECC support for BlueField DDR4") Signed-off-by: David Thompson <davthompson(a)nvidia.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Shravan Kumar Ramani <shravankr(a)nvidia.com> Link: https://lore.kernel.org/r/20240930151056.10158-1-davthompson@nvidia.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Liu Kai <liukai284(a)huawei.com> --- drivers/edac/bluefield_edac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/edac/bluefield_edac.c b/drivers/edac/bluefield_edac.c index e4736eb37bfb..0ef048982768 100644 --- a/drivers/edac/bluefield_edac.c +++ b/drivers/edac/bluefield_edac.c @@ -180,7 +180,7 @@ static void bluefield_edac_check(struct mem_ctl_info *mci) static void bluefield_edac_init_dimms(struct mem_ctl_info *mci) { struct bluefield_edac_priv *priv = mci->pvt_info; - int mem_ctrl_idx = mci->mc_idx; + u64 mem_ctrl_idx = mci->mc_idx; struct dimm_info *dimm; u64 smc_info, smc_arg; int is_empty = 1, i; -- 2.34.1

2 1

[PATCH OLK-6.6] clk: clk-apple-nco: Add NULL check in applnco_probe
by liukai 30 Dec '24

30 Dec '24

From: Charles Han <hanchunchao(a)inspur.com> stable inclusion from stable-v6.6.64 commit 72ea9a7e9e260aa39f9d1c9254cf92adfb05c4f5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGX CVE: CVE-2024-53154 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit 969c765e2b508cca9099d246c010a1e48dcfd089 ] Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. Fixes: 6641057d5dba ("clk: clk-apple-nco: Add driver for Apple NCO") Signed-off-by: Charles Han <hanchunchao(a)inspur.com> Link: https://lore.kernel.org/r/20241114072820.3071-1-hanchunchao@inspur.com Reviewed-by: Martin Povišer <povik+lin(a)cutebit.org> Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed—off-by: Liu Kai <liukai284(a)huawei.com> --- drivers/clk/clk-apple-nco.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/clk/clk-apple-nco.c b/drivers/clk/clk-apple-nco.c index 39472a51530a..457a48d48941 100644 --- a/drivers/clk/clk-apple-nco.c +++ b/drivers/clk/clk-apple-nco.c @@ -297,6 +297,9 @@ static int applnco_probe(struct platform_device *pdev) memset(&init, 0, sizeof(init)); init.name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%s-%d", np->name, i); + if (!init.name) + return -ENOMEM; + init.ops = &applnco_ops; init.parent_data = &pdata; init.num_parents = 1; -- 2.34.1

2 1

[PATCH OLK-5.10 0/2] CVE-2024-53217
by Li Lingfeng 30 Dec '24

30 Dec '24

Chuck Lever (1): NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NeilBrown (1): nfsd: restore callback functionality for NFSv4.0 fs/nfsd/nfs4callback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.31.1

2 3

[PATCH OLK-6.6 0/2] CVE-2024-53217
by Li Lingfeng 30 Dec '24

30 Dec '24

Chuck Lever (1): NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NeilBrown (1): nfsd: restore callback functionality for NFSv4.0 fs/nfsd/nfs4callback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.31.1

2 3

[PATCH openEuler-1.0-LTS 0/2] CVE-2024-53217
by Li Lingfeng 30 Dec '24

30 Dec '24

Chuck Lever (1): NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NeilBrown (1): nfsd: restore callback functionality for NFSv4.0 fs/nfsd/nfs4callback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.31.1

2 3

[PATCH openEuler-1.0-LTS] nfs: nfs4_callback_compound should put client with async mode
by Li Lingfeng 30 Dec '24

30 Dec '24

From: Yang Erkun <yangerkun(a)huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IB4H3O CVE: NA -------------------------------- Our syztester report hungtask as below: INFO: task NFSv4 callback:93188 blocked for more than 1310 seconds. Not tainted 5.10.0-00574-gc310db27923f-dirty #16 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:NFSv4 callback state:D stack: 0 pid:93188 ppid: 2 flags:0x00000208 Call trace: __switch_to+0x98/0xdc arch/arm64/kernel/process.c:639 context_switch kernel/sched/core.c:4055 [inline] __schedule+0x690/0xf0c kernel/sched/core.c:5003 schedule+0xd8/0x220 kernel/sched/core.c:5139 schedule_timeout+0x390/0x42c kernel/time/timer.c:2126 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common+0x148/0x240 kernel/sched/completion.c:117 wait_for_completion+0x20/0x30 kernel/sched/completion.c:138 kthread_stop+0xf8/0x39c kernel/kthread.c:671 svc_stop_kthreads+0x138/0x260 net/sunrpc/svc.c:797 svc_set_num_threads+0xc8/0xe4 net/sunrpc/svc.c:818 nfs_callback_down+0x120/0x200 fs/nfs/callback.c:325 nfs4_destroy_callback fs/nfs/nfs4client.c:279 [inline] nfs4_shutdown_client+0x138/0x150 fs/nfs/nfs4client.c:287 nfs4_free_client+0x20/0x40 fs/nfs/nfs4client.c:303 nfs_put_client+0x238/0x340 fs/nfs/client.c:273 nfs4_callback_compound+0x2cc/0x630 fs/nfs/callback_xdr.c:981 nfs_callback_dispatch+0x44/0x6c fs/nfs/callback_xdr.c:995 svc_process_common+0x9a0/0xdf0 net/sunrpc/svc.c:1400 svc_process+0x138/0x1c4 net/sunrpc/svc.c:1542 nfs4_callback_svc+0x58/0x90 fs/nfs/callback.c:89 kthread+0x1e0/0x220 kernel/kthread.c:328 ret_from_fork+0x10/0x18 arch/arm64/kernel/entry.S:1727 When cl_count for nfs_client down to zero, nfs_put_client will trigger nfs4_free_client, then svc_set_num_threads in nfs_callback_down will signal all callback threads and wait until they success exist. So if the last cl_count was put from nfs4_callback_compound, we will deadlock. Fix it using async mode to do this. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Yang Erkun <yangerkun(a)huawei.com> Conflicts: fs/nfs/callback_xdr.c fs/nfs/internal.h [Commit 2bb50aabb6f3("NFS4: Report callback authentication errors") separates the judgment of cps.clp and check_gss_callback_principal; commit 10b7a70cbb81("NFS: Cleanup - add nfs_clients_exit to mirror nfs_clients_init") remove nfs_cleanup_cb_ident_idr from fs/nfs/internal.h.] Signed-off-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> --- fs/nfs/callback_xdr.c | 6 +++--- fs/nfs/client.c | 33 +++++++++++++++++++++++++++++++++ fs/nfs/internal.h | 1 + include/linux/nfs_fs_sb.h | 1 + 4 files changed, 38 insertions(+), 3 deletions(-) diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c index 2f84c612838c..2d7dd9b65a8c 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -952,7 +952,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp) cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident); if (!cps.clp || !check_gss_callback_principal(cps.clp, rqstp)) { if (cps.clp) - nfs_put_client(cps.clp); + nfs_async_put_client(cps.clp); goto out_invalidcred; } } @@ -962,7 +962,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp) hdr_res.tag = hdr_arg.tag; if (encode_compound_hdr_res(&xdr_out, &hdr_res) != 0) { if (cps.clp) - nfs_put_client(cps.clp); + nfs_async_put_client(cps.clp); return rpc_system_err; } while (status == 0 && nops != hdr_arg.nops) { @@ -982,7 +982,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp) *hdr_res.status = status; *hdr_res.nops = htonl(nops); nfs4_cb_free_slot(&cps); - nfs_put_client(cps.clp); + nfs_async_put_client(cps.clp); return rpc_success; out_invalidcred: diff --git a/fs/nfs/client.c b/fs/nfs/client.c index 7d02dc52209d..a05ee74d6443 100644 --- a/fs/nfs/client.c +++ b/fs/nfs/client.c @@ -283,6 +283,39 @@ void nfs_put_client(struct nfs_client *clp) } EXPORT_SYMBOL_GPL(nfs_put_client); +static void nfs_free_client_work(struct work_struct *work) +{ + struct nfs_client *clp = + container_of(work, struct nfs_client, free_work); + + clp->rpc_ops->free_client(clp); +} + +/* + * Similar to nfs_put_client, but call free_client with async mode + */ +void nfs_async_put_client(struct nfs_client *clp) +{ + struct nfs_net *nn; + + if (!clp) + return; + + nn = net_generic(clp->cl_net, nfs_net_id); + + if (refcount_dec_and_lock(&clp->cl_count, &nn->nfs_client_lock)) { + list_del(&clp->cl_share_link); + nfs_cb_idr_remove_locked(clp); + spin_unlock(&nn->nfs_client_lock); + + WARN_ON_ONCE(!list_empty(&clp->cl_superblocks)); + + INIT_WORK(&clp->free_work, nfs_free_client_work); + queue_work(nfsiod_workqueue, &clp->free_work); + } +} +EXPORT_SYMBOL_GPL(nfs_async_put_client); + /* * Find an nfs_client on the list that matches the initialisation data * that is supplied. diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h index ad938771813c..44ca5300e6e2 100644 --- a/fs/nfs/internal.h +++ b/fs/nfs/internal.h @@ -180,6 +180,7 @@ void nfs_server_copy_userdata(struct nfs_server *, struct nfs_server *); extern void nfs_cleanup_cb_ident_idr(struct net *); extern void nfs_put_client(struct nfs_client *); +extern void nfs_async_put_client(struct nfs_client *clp); extern void nfs_free_client(struct nfs_client *); extern struct nfs_client *nfs4_find_client_ident(struct net *, int); extern struct nfs_client * diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h index 7023ae64e3d7..14a40789be5d 100644 --- a/include/linux/nfs_fs_sb.h +++ b/include/linux/nfs_fs_sb.h @@ -52,6 +52,7 @@ struct nfs_client { char * cl_acceptor; /* GSSAPI acceptor name */ struct list_head cl_share_link; /* link in global client list */ struct list_head cl_superblocks; /* List of nfs_server structs */ + struct work_struct free_work; struct rpc_clnt * cl_rpcclient; const struct nfs_rpc_ops *rpc_ops; /* NFS protocol vector */ -- 2.31.1

2 1

[openEuler-22.03-LTS-SP1] EDAC/bluefield: Fix potential integer overflow
by liukai 30 Dec '24

30 Dec '24

From: David Thompson <davthompson(a)nvidia.com> stable inclusion from stable-v5.10.231 commit e0269ea7a628fdeddd65b92fe29c09655dbb80b9 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGU CVE: CVE-2024-53161 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- [ Upstream commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 ] The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. Fixes: 82413e562ea6 ("EDAC, mellanox: Add ECC support for BlueField DDR4") Signed-off-by: David Thompson <davthompson(a)nvidia.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Shravan Kumar Ramani <shravankr(a)nvidia.com> Link: https://lore.kernel.org/r/20240930151056.10158-1-davthompson@nvidia.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Liu Kai <liukai284(a)huawei.com> --- drivers/edac/bluefield_edac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/edac/bluefield_edac.c b/drivers/edac/bluefield_edac.c index e4736eb37bfb..0ef048982768 100644 --- a/drivers/edac/bluefield_edac.c +++ b/drivers/edac/bluefield_edac.c @@ -180,7 +180,7 @@ static void bluefield_edac_check(struct mem_ctl_info *mci) static void bluefield_edac_init_dimms(struct mem_ctl_info *mci) { struct bluefield_edac_priv *priv = mci->pvt_info; - int mem_ctrl_idx = mci->mc_idx; + u64 mem_ctrl_idx = mci->mc_idx; struct dimm_info *dimm; u64 smc_info, smc_arg; int is_empty = 1, i; -- 2.34.1

1 0

[PATCH OLK-5.10] dm cache: fix flushing uninitialized delayed_work on cache_ctr error
by Kaixiong Yu 30 Dec '24

30 Dec '24

From: Ming-Hung Tsai <mtsai(a)redhat.com> stable inclusion from stable-v6.6.61 commit 8cc12dab635333c4ea28e72d7b947be7d0543c2c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AVP CVE: CVE-2024-50280 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- commit 135496c208ba26fd68cdef10b64ed7a91ac9a7ff upstream. An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. Signed-off-by: Ming-Hung Tsai <mtsai(a)redhat.com> Fixes: 6a459d8edbdb ("dm cache: Fix UAF in destroy()") Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Acked-by: Joe Thornber <thornber(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Conflicts: drivers/md/dm-cache-target.c [Because HULK-5.10 don't merge mainline patch 86a3238c7b9b759cb864f4f768ab2e24687dc0e6("dm: change "unsigned" to "unsigned int" ")] Signed-off-by: Kaixiong Yu <yukaixiong(a)huawei.com> --- drivers/md/dm-cache-target.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c index e94409aa2f40..d3821837641b 100644 --- a/drivers/md/dm-cache-target.c +++ b/drivers/md/dm-cache-target.c @@ -1960,16 +1960,13 @@ static void check_migrations(struct work_struct *ws) * This function gets called on the error paths of the constructor, so we * have to cope with a partially initialised struct. */ -static void destroy(struct cache *cache) +static void __destroy(struct cache *cache) { - unsigned i; - mempool_exit(&cache->migration_pool); if (cache->prison) dm_bio_prison_destroy_v2(cache->prison); - cancel_delayed_work_sync(&cache->waker); if (cache->wq) destroy_workqueue(cache->wq); @@ -1997,13 +1994,22 @@ static void destroy(struct cache *cache) if (cache->policy) dm_cache_policy_destroy(cache->policy); + bioset_exit(&cache->bs); + + kfree(cache); +} + +static void destroy(struct cache *cache) +{ + unsigned int i; + + cancel_delayed_work_sync(&cache->waker); + for (i = 0; i < cache->nr_ctr_args ; i++) kfree(cache->ctr_args[i]); kfree(cache->ctr_args); - bioset_exit(&cache->bs); - - kfree(cache); + __destroy(cache); } static void cache_dtr(struct dm_target *ti) @@ -2616,7 +2622,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) *result = cache; return 0; bad: - destroy(cache); + __destroy(cache); return r; } @@ -2667,7 +2673,7 @@ static int cache_ctr(struct dm_target *ti, unsigned argc, char **argv) r = copy_ctr_args(cache, argc - 3, (const char **)argv + 3); if (r) { - destroy(cache); + __destroy(cache); goto out; } -- 2.34.1

2 1

[PATCH OLK-6.6] firmware_loader: Fix possible resource leak in fw_log_firmware_info()
by dinglongwei 30 Dec '24

30 Dec '24

From: Gaosheng Cui <cuigaosheng1(a)huawei.com> stable inclusion from stable-v6.6.64 commit 789a72498d32f88d24371c10985aceb46397056c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAFY CVE: CVE-2024-53202 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… -------------------------------- firmware_loader: Fix possible resource leak in fw_log_firmware_info() [ Upstream commit 369a9c046c2fdfe037f05b43b84c386bdbccc103 ] The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails. Fixes: 02fe26f25325 ("firmware_loader: Add debug message with checksum for FW file") Signed-off-by: Gaosheng Cui <cuigaosheng1(a)huawei.com> Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Reviewed-by: Russ Weight <russ.weight(a)linux.dev> Link: https://lore.kernel.org/r/20241016110335.3677924-1-cuigaosheng1@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: dinglongwei <dinglongwei1(a)huawei.com> --- drivers/base/firmware_loader/main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0b18c6b46e65..f3133ba831c5 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -824,19 +824,18 @@ static void fw_log_firmware_info(const struct firmware *fw, const char *name, st shash->tfm = alg; if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0) - goto out_shash; + goto out_free; for (int i = 0; i < SHA256_DIGEST_SIZE; i++) sprintf(&outbuf[i * 2], "%02x", sha256buf[i]); outbuf[SHA256_BLOCK_SIZE] = 0; dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf); -out_shash: - crypto_free_shash(alg); out_free: kfree(shash); kfree(outbuf); kfree(sha256buf); + crypto_free_shash(alg); } #else static void fw_log_firmware_info(const struct firmware *fw, const char *name, -- 2.22.0

2 1

2025

2024

2023

2022

2021

2020

2019

Kernel