Unverified Commit 6b92af11 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!12517 fix CVE-2024-47742

Merge Pull Request from: @ci-robot 
 
PR sync from: Lin Yujun <linyujun809@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/JUWXDSRZJLQWDCGW5ZIJBHDUU6IHQN4U/ 
Jann Horn (1):
  firmware_loader: Block path traversal


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IAYQRX 
 
Link:https://gitee.com/openeuler/kernel/pulls/12517

 

Reviewed-by: default avatarZhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents ef5d1e35 18d63e2b
+30 −0
@@ -786,6 +786,26 @@ static void fw_abort_batch_reqs(struct firmware *fw)
	mutex_unlock(&fw_lock);
}

/*
 * Reject firmware file names with ".." path components.
 * There are drivers that construct firmware file names from device-supplied
 * strings, and we don't want some device to be able to tell us "I would like to
 * be sent my firmware from ../../../etc/shadow, please".
 *
 * Search for ".." surrounded by either '/' or start/end of string.
 *
 * This intentionally only looks at the firmware name, not at the firmware base
 * directory or at symlink contents.
 */
static bool name_contains_dotdot(const char *name)
{
	size_t name_len = strlen(name);

	return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 ||
	       strstr(name, "/../") != NULL ||
	       (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0);
}

/* called from request_firmware() and request_firmware_work_func() */
static int
_request_firmware(const struct firmware **firmware_p, const char *name,
@@ -806,6 +826,14 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
		goto out;
	}

	if (name_contains_dotdot(name)) {
		dev_warn(device,
			 "Firmware load for '%s' refused, path contains '..' component\n",
			 name);
		ret = -EINVAL;
		goto out;
	}

	ret = _request_firmware_prepare(&fw, name, device, buf, size,
					offset, opt_flags);
	if (ret <= 0) /* error or already assigned */
@@ -876,6 +904,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
 *      @name will be used as $FIRMWARE in the uevent environment and
 *      should be distinctive enough not to be confused with any other
 *      firmware image for this or any other device.
 *	It must not contain any ".." path components - "foo/bar..bin" is
 *	allowed, but "foo/../bar.bin" is not.
 *
 *	Caller must hold the reference count of @device.
 *
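Review bot: The refusal message added in the second hunk, `dev_warn(device, "Firmware load for '%s' refused, path contains '..' component\n", name);`, is not rate limited, even though the helper's own comment says some drivers build the name from device-supplied strings. A misbehaving device that keeps re-requesting a rejected name could flood the kernel log and bury the one line a defender would alert on. Consider `dev_warn_ratelimited(device,` with the same format and arguments, which still records the first occurrences for detection. The kerneldoc sentence added in the third hunk states the ".." restriction on one entry point only; the other exported wrappers that reach `_request_firmware()` presumably need the same sentence, but they lie outside the visible hunks. `_request_firmware()` itself starts and ends outside the hunk, so the NULL/empty-name guard that `name_contains_dotdot()` relies on before calling `strlen(name)` cannot be confirmed from here.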