[SRU][J/F][PATCH 0/1] CVE-2024-38611
Hui Wang
hui.wang at canonical.com
Wed Sep 18 05:56:52 UTC 2024
[Impact]
Using __exit for the remove function results in the remove callback
being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets
unbound (e.g. using sysfs or hotplug), the driver is just removed
without the cleanup being performed. This results in resource leaks. Fix
it by compiling in the remove callback unconditionally.
[Backport]
This backport adjusts context due to 2 conflicts. The 1st one is
the return type of et8ek8_remove(): in J and F, the return type is int
while in the original commit the return type is void; here I kept the
return type as int. The other one is the probe function type: in J and
F, it is probe_new; in the original commit, it is probe; here I kept
probe_new since it is irrelevant to this CVE case.
If we want to change the return type to void for et8ek8_remove(), we
need to backport 1 patch which will impact all i2c drivers:
ed5c2f5fd10d ("i2c: Make remove callback return void")
If we want to change the probe_new to probe, we need to backport 2
commits which will impact all i2c drivers:
03c835f498b5 ("i2c: Switch .probe() to not take an id parameter")
aaeb31c00e61 ("media: Switch i2c drivers back to use .probe()")
[Fix]
Noble: Already fixed
Jammy: Backported from mainline v6.10-rc1, see explanation in [Backport]
Focal: Backported from mainline v6.10-rc1, see explanation in [Backport]
Bionic: sent to the -esm
Xenial: Not affected
Trusty: Not affected
[Test Case]
Compile and boot test.
[Where problems could occur]
The change is in the v4l2/media driver; if there is a regression, it
could impact the media driver. But the likelihood of regression is very
low; the change is straightforward and simple.
Uwe Kleine-König (1):
media: i2c: et8ek8: Don't strip remove function when driver is builtin
drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.34.1
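
A userspace C model of the failure described under [Impact], added here as an illustration and not taken from the patch or the kernel tree. `exit_p()` is a simplified stand-in for the kernel's `__exit_p()` macro; the `client`/`driver` structs, the resource counter and the bus-core function are hypothetical, and the model assumes the remove callback was registered through that macro.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's __exit_p(): in a built-in driver
 * (MODULE not defined) __exit code is discarded, so the pointer is NULL. */
#ifdef MODULE
#define exit_p(fn) (fn)
#else
#define exit_p(fn) NULL
#endif

/* Hypothetical device state: number of resources acquired in probe. */
struct client { int resources_held; };

struct driver {
    int (*probe)(struct client *);
    int (*remove)(struct client *);  /* int return, as kept in the J/F backport */
};

static int sensor_probe(struct client *c)
{
    c->resources_held = 2;           /* constructed value for the model */
    return 0;
}

static int sensor_remove(struct client *c)
{
    c->resources_held = 0;           /* the cleanup that must run on unbind */
    return 0;
}

/* Before the fix: callback wrapped, so a built-in driver registers NULL. */
static const struct driver drv_before = { sensor_probe, exit_p(sensor_remove) };
/* After the fix: callback compiled in unconditionally. */
static const struct driver drv_after = { sensor_probe, sensor_remove };

/* Hypothetical bus core: bind, then unbind; returns resources still held. */
static int bind_unbind_leaks(const struct driver *d)
{
    struct client c = { 0 };
    d->probe(&c);
    if (d->remove)                   /* a missing callback is skipped silently */
        d->remove(&c);
    return c.resources_held;
}

int main(void)
{
    printf("before fix: %d leaked\n", bind_unbind_leaks(&drv_before));
    printf("after fix:  %d leaked\n", bind_unbind_leaks(&drv_after));
    return 0;
}
```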