diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-29 13:54:38 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-29 13:54:38 +0200 |
| commit | c4e84b254c0addc16f1796fb8108ecf3abee12aa (patch) | |
| tree | 4219b998092a266a0da20f64aa34d9d5d6c2dd6b | |
| parent | d8f8d767df3e713a6f1905c34ad1d8613cb4fa6f (diff) | |
| download | stable-queue-c4e84b254c0addc16f1796fb8108ecf3abee12aa.tar.gz | |
5.10-stable patches
added patches:
irqchip-gic-v3-its-prevent-double-free-on-error.patch
| -rw-r--r-- | queue-5.10/irqchip-gic-v3-its-prevent-double-free-on-error.patch | 52 | ||||
| -rw-r--r-- | queue-5.10/series | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/queue-5.10/irqchip-gic-v3-its-prevent-double-free-on-error.patch b/queue-5.10/irqchip-gic-v3-its-prevent-double-free-on-error.patch new file mode 100644 index 0000000000..a68415eab8 --- /dev/null +++ b/queue-5.10/irqchip-gic-v3-its-prevent-double-free-on-error.patch @@ -0,0 +1,52 @@ +From c26591afd33adce296c022e3480dea4282b7ef91 Mon Sep 17 00:00:00 2001 +From: Guanrui Huang <guanrui.huang@linux.alibaba.com> +Date: Thu, 18 Apr 2024 14:10:52 +0800 +Subject: irqchip/gic-v3-its: Prevent double free on error + +From: Guanrui Huang <guanrui.huang@linux.alibaba.com> + +commit c26591afd33adce296c022e3480dea4282b7ef91 upstream. + +The error handling path in its_vpe_irq_domain_alloc() causes a double free +when its_vpe_init() fails after successfully allocating at least one +interrupt. This happens because its_vpe_irq_domain_free() frees the +interrupts along with the area bitmap and the vprop_page and +its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the +vprop_page again. + +Fix this by unconditionally invoking its_vpe_irq_domain_free() which +handles all cases correctly and by removing the bitmap/vprop_page freeing +from its_vpe_irq_domain_alloc(). + +[ tglx: Massaged change log ] + +Fixes: 7d75bbb4bc1a ("irqchip/gic-v3-its: Add VPE irq domain allocation/teardown") +Signed-off-by: Guanrui Huang <guanrui.huang@linux.alibaba.com> +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Reviewed-by: Marc Zyngier <maz@kernel.org> +Reviewed-by: Zenghui Yu <yuzenghui@huawei.com> +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20240418061053.96803-2-guanrui.huang@linux.alibaba.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/irqchip/irq-gic-v3-its.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +--- a/drivers/irqchip/irq-gic-v3-its.c ++++ b/drivers/irqchip/irq-gic-v3-its.c +@@ -4508,13 +4508,8 @@ static int its_vpe_irq_domain_alloc(stru + set_bit(i, bitmap); + } + +- if (err) { +- if (i > 0) +- its_vpe_irq_domain_free(domain, virq, i); +- +- its_lpi_free(bitmap, base, nr_ids); +- its_free_prop_table(vprop_page); +- } ++ if (err) ++ its_vpe_irq_domain_free(domain, virq, i); + + return err; + } diff --git a/queue-5.10/series b/queue-5.10/series index 6b53c7325e..4093b2a0c9 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -118,3 +118,4 @@ cpu-re-enable-cpu-mitigations-by-default-for-x86-architectures.patch arm64-dts-rockchip-enable-internal-pull-up-for-q7_thrm-on-rk3399-puma.patch drm-amdgpu-sdma5.2-use-legacy-hdp-flush-for-sdma2-3.patch drm-amdgpu-fix-leak-when-gpu-memory-allocation-fails.patch +irqchip-gic-v3-its-prevent-double-free-on-error.patch |