* [PATCH 3/6 RESEND] x86/microcode/amd: Potentially delete invalid pointer
@ 2021-09-13 9:44 Jiasheng Jiang
0 siblings, 0 replies; only message in thread
From: Jiasheng Jiang @ 2021-09-13 9:44 UTC (permalink / raw)
To: bp, tglx, mingo, x86, hpa; +Cc: linux-kernel, Jiasheng Jiang
Directly use __list_del() to remove 'p->plist' might be unsafe,
as we can see from the __list_del_entry_valid() of 'lib/list_debug.c'
that p->plist->prev or p->plist->next may be the LIST_POISON,
or p->list is not a valid double list.
In that case, __list_del() will be corruption.
Therefore, we suggest that __list_del_entry_valid()
should be added in front of the __list_del() in free_cache.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
arch/x86/kernel/cpu/microcode/amd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 3d4a483..e589cff 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -626,6 +626,8 @@ static void free_cache(void)
struct ucode_patch *p, *tmp;
list_for_each_entry_safe(p, tmp, µcode_cache, plist) {
+ if (!__list_del_entry_valid(&p->plist))
+ continue;
__list_del(p->plist.prev, p->plist.next);
kfree(p->data);
kfree(p);
--
2.7.4
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-13 9:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-13 9:44 [PATCH 3/6 RESEND] x86/microcode/amd: Potentially delete invalid pointer Jiasheng Jiang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.