From: Anirudh Rayabharam <mail@anirudhrb.com>
To: mcgrof@kernel.org, gregkh@linuxfoundation.org, rafael@kernel.org, skhan@linuxfoundation.org
Cc: Anirudh Rayabharam <mail@anirudhrb.com>, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linuxfoundation.org
Subject: [PATCH v8 0/2] firmware_loader: fix uaf in firmware_fallback_sysfs
Date: Wed, 28 Jul 2021 14:21:05 +0530
Message-ID: <20210728085107.4141-1-mail@anirudhrb.com>

This series fixes the use after free in firmware_fallback_sysfs reported by
syzbot at:

https://syzkaller.appspot.com/bug?extid=de271708674e2093097b

The first patch gets rid of the -EAGAIN return since it doesn't make sense
(see patch description for more info). The second patch goes on to actually
fix the use after free issue.

Changes in v8:
1. Added/fixed some comments as suggested by Shuah

Changes in v7:
1. Don't move the error handling code from fw_load_sysfs_fallback to
   fw_sysfs_wait_timeout to simplify the patch. Also, the move is
   unnecessary.
2. Fix the commit log for patch 1 as per Luis' suggestions.

Changes in v6:
1. v5 didn't actually remove -EAGAIN. So, fixed that.

Changes in v5:
1. Split the patch into two patches as discussed here:
   https://lore.kernel.org/lkml/20210715232105.am4wsxfclj2ufjdw@garbanzo/

Changes in v4:
Documented the reasons behind the error codes returned from
fw_sysfs_wait_timeout() as suggested by Luis Chamberlain.

Changes in v3:
Modified the patch to incorporate suggestions by Luis Chamberlain in
order to fix the root cause instead of applying a "band-aid" kind of
fix.
https://lore.kernel.org/lkml/20210403013143.GV4332@42.do-not-panic.com/

Changes in v2:
1. Fixed 1 error and 1 warning (in the commit message) reported by
   checkpatch.pl. The error was regarding the format for referring to
   another commit "commit <sha> ("oneline")". The warning was for line
   longer than 75 chars.

Anirudh Rayabharam (2):
  firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
    fw_load_sysfs_fallback
  firmware_loader: fix use-after-free in firmware_fallback_sysfs

 drivers/base/firmware_loader/fallback.c | 14 ++++++++------
 drivers/base/firmware_loader/firmware.h | 10 +++++++++-
 drivers/base/firmware_loader/main.c     |  2 ++
 3 files changed, 19 insertions(+), 7 deletions(-)

-- 
2.26.2