linux-edac.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
To: andersson@kernel.org, robh+dt@kernel.org,
	krzysztof.kozlowski+dt@linaro.org, bp@alien8.de,
	tony.luck@intel.com
Cc: quic_saipraka@quicinc.com, konrad.dybcio@linaro.org,
	linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
	james.morse@arm.com, mchehab@kernel.org, rric@kernel.org,
	linux-edac@vger.kernel.org, quic_ppareek@quicinc.com,
	luca.weiss@fairphone.com, ahalaney@redhat.com, steev@kali.org,
	Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>,
	stable@vger.kernel.org
Subject: [PATCH v4 14/16] EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
Date: Thu, 22 Dec 2022 18:46:54 +0530	[thread overview]
Message-ID: <20221222131656.49584-15-manivannan.sadhasivam@linaro.org> (raw)
In-Reply-To: <20221222131656.49584-1-manivannan.sadhasivam@linaro.org>

The memory for "llcc_driv_data" is allocated by the LLCC driver. But when
it is passed as "pvt_info" to the EDAC core, it will get freed during the
qcom_edac driver release. So when the qcom_edac driver gets probed again,
it will try to use the freed data leading to the use-after-free bug.

Fix this by not passing "llcc_driv_data" as pvt_info but rather reference
it using the "platform_data" in the qcom_edac driver.

Cc: <stable@vger.kernel.org> # 4.20
Fixes: 27450653f1db ("drivers: edac: Add EDAC driver support for QCOM SoCs")
Reported-by: Steev Klimaszewski <steev@kali.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
---
 drivers/edac/qcom_edac.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/edac/qcom_edac.c b/drivers/edac/qcom_edac.c
index 9e77fa84e84f..3256254c3722 100644
--- a/drivers/edac/qcom_edac.c
+++ b/drivers/edac/qcom_edac.c
@@ -252,7 +252,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
 static int
 dump_syn_reg(struct edac_device_ctl_info *edev_ctl, int err_type, u32 bank)
 {
-	struct llcc_drv_data *drv = edev_ctl->pvt_info;
+	struct llcc_drv_data *drv = edev_ctl->dev->platform_data;
 	int ret;
 
 	ret = dump_syn_reg_values(drv, bank, err_type);
@@ -289,7 +289,7 @@ static irqreturn_t
 llcc_ecc_irq_handler(int irq, void *edev_ctl)
 {
 	struct edac_device_ctl_info *edac_dev_ctl = edev_ctl;
-	struct llcc_drv_data *drv = edac_dev_ctl->pvt_info;
+	struct llcc_drv_data *drv = edac_dev_ctl->dev->platform_data;
 	irqreturn_t irq_rc = IRQ_NONE;
 	u32 drp_error, trp_error, i;
 	int ret;
@@ -358,7 +358,6 @@ static int qcom_llcc_edac_probe(struct platform_device *pdev)
 	edev_ctl->dev_name = dev_name(dev);
 	edev_ctl->ctl_name = "llcc";
 	edev_ctl->panic_on_ue = LLCC_ERP_PANIC_ON_UE;
-	edev_ctl->pvt_info = llcc_driv_data;
 
 	rc = edac_device_add_device(edev_ctl);
 	if (rc)
-- 
2.25.1


  parent reply	other threads:[~2022-12-22 13:20 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-22 13:16 [PATCH v4 00/16] Qcom: LLCC/EDAC: Fix base address used for LLCC banks Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 01/16] dt-bindings: arm: msm: Update the maintainers for LLCC Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 02/16] dt-bindings: arm: msm: Fix register regions used for LLCC banks Manivannan Sadhasivam
2022-12-23  8:58   ` Krzysztof Kozlowski
2022-12-22 13:16 ` [PATCH v4 03/16] arm64: dts: qcom: sdm845: Fix the base addresses of " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 04/16] arm64: dts: qcom: sc7180: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 05/16] arm64: dts: qcom: sc7280: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 06/16] arm64: dts: qcom: sc8280xp: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 07/16] arm64: dts: qcom: sm8150: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 08/16] arm64: dts: qcom: sm8250: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 09/16] arm64: dts: qcom: sm8350: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 10/16] arm64: dts: qcom: sm8450: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 11/16] arm64: dts: qcom: sm6350: " Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 12/16] EDAC/device: Make use of poll_msec value in edac_device_ctl_info struct Manivannan Sadhasivam
2022-12-22 13:16 ` [PATCH v4 13/16] EDAC/qcom: Add platform_device_id table for module autoloading Manivannan Sadhasivam
2022-12-22 13:16 ` Manivannan Sadhasivam [this message]
2022-12-22 13:16 ` [PATCH v4 15/16] qcom: llcc/edac: Fix the base address used for accessing LLCC banks Manivannan Sadhasivam
2022-12-28  4:29   ` Bjorn Andersson
2022-12-28  6:53     ` Manivannan Sadhasivam
2022-12-28  9:43       ` Krzysztof Kozlowski
2022-12-22 13:16 ` [PATCH v4 16/16] qcom: llcc/edac: Support polling mode for ECC handling Manivannan Sadhasivam
2022-12-22 14:28 ` [PATCH v4 00/16] Qcom: LLCC/EDAC: Fix base address used for LLCC banks Andrew Halaney
2022-12-23  3:43 ` Steev Klimaszewski
2022-12-28  4:31 ` Bjorn Andersson
2022-12-28  6:50   ` Manivannan Sadhasivam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221222131656.49584-15-manivannan.sadhasivam@linaro.org \
    --to=manivannan.sadhasivam@linaro.org \
    --cc=ahalaney@redhat.com \
    --cc=andersson@kernel.org \
    --cc=bp@alien8.de \
    --cc=james.morse@arm.com \
    --cc=konrad.dybcio@linaro.org \
    --cc=krzysztof.kozlowski+dt@linaro.org \
    --cc=linux-arm-msm@vger.kernel.org \
    --cc=linux-edac@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luca.weiss@fairphone.com \
    --cc=mchehab@kernel.org \
    --cc=quic_ppareek@quicinc.com \
    --cc=quic_saipraka@quicinc.com \
    --cc=robh+dt@kernel.org \
    --cc=rric@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=steev@kali.org \
    --cc=tony.luck@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).