ACK[N/F] NACK[J]: [SRU][N/J/F][PATCH 0/1] CVE-2024-39484

Roxana Nicolescu roxana.nicolescu at canonical.com
Tue Jul 23 14:23:28 UTC 2024


On 19/07/2024 21:23, Bethany Jamison wrote:
> [Impact]
>
> mmc: davinci: Don't strip remove function when driver is builtin
>
> Using __exit for the remove function results in the remove callback being
> discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.
> using sysfs or hotplug), the driver is just removed without the cleanup
> being performed. This results in resource leaks. Fix it by compiling in the
> remove callback unconditionally.
>
> [Fix]
>
> Noble:	Clean cherry-pick from linux-6.9.y
> Jammy:	Clean cherry-pick from linux-5.10.y
> Focal:	Jammy patch applied cleanly
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested
>
> [Where problems could occur]
>
> This fix affects those who use the Texas Instruments DaVinci MMC/SD/SDIO
> driver. An issue with this fix would be visible to the user via a
> decrease in system performance or a system crash.
>
> Uwe Kleine-König (1):
>    mmc: davinci: Don't strip remove function when driver is builtin
>
>   drivers/mmc/host/davinci_mmc.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
Applied to noble:linux, focal:linux master-next branches.

For jammy I initially applied this as well, but it interfered with the update from v5.15.162.
It contains the commit "mmc: davinci: Don't strip remove function when driver is builtin", but after the commit "mmc: davinci_mmc: Convert to platform remove callback returning void" that changes the signature of the function.
To make things easier, I dropped your fix and used the fix from upstream v5.15.162 but included the CVE reference in the commit message.
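
The mechanism described in the quoted [Impact] text, as an added userspace model in C (not code from the patch, the kernel, or either author). It assumes the driver registered its remove callback through the kernel's `__exit_p()` macro, which the page does not show; every `model_*` / `MODEL_*` name is hypothetical.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct model_dev { void *buf; };                 /* stands in for host state */
struct model_drv { void (*remove)(struct model_dev *); };

/* Same selection the kernel's __exit_p() makes: keep the pointer in a
 * module build, NULL when built in (the __exit body is discarded). */
#define MODEL_EXIT_P(builtin, fn) ((builtin) ? NULL : (fn))

static int live;                                 /* resources currently held */

static int model_probe(struct model_dev *d)
{
    d->buf = malloc(64);
    if (!d->buf) return -1;
    live++;
    return 0;
}

static void model_remove(struct model_dev *d)
{
    free(d->buf);
    d->buf = NULL;
    live--;
}

/* Bind then unbind once; returns how many resources are still held. */
int leaked_after_unbind(int builtin, int fixed)
{
    struct model_drv drv = { NULL };
    struct model_dev dev = { NULL };
    int leaked;
    drv.remove = fixed ? model_remove : MODEL_EXIT_P(builtin, model_remove);
    live = 0;
    if (model_probe(&dev)) return -1;
    if (drv.remove)              /* unbind: cleanup runs only if a callback exists */
        drv.remove(&dev);
    leaked = live;
    free(dev.buf);               /* release the model's own allocation */
    return leaked;
}

int main(void)
{
    printf("builtin/__exit=%d module/__exit=%d builtin/fixed=%d\n",
           leaked_after_unbind(1, 0), leaked_after_unbind(0, 0), leaked_after_unbind(1, 1));
    return 0;
}
```

Only the built-in case with the `__exit`-style registration leaves a resource held after unbind; compiling the callback in unconditionally removes the difference between the built-in and modular cases.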
