linux-kernel.vger.kernel.org archive mirror
* [PATCH] mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
From: Qinglang Miao @ 2020-11-20  7:48 UTC (permalink / raw)
  To: Thomas Bogendoerfer, Serge Semin; +Cc: linux-mips, linux-kernel, Qinglang Miao

kfree(dev) has been called inside put_device so another
kfree would cause a use-after-free bug.

Fixes: 8286ae03308c ("MIPS: Add CDMM bus support")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
---
 drivers/bus/mips_cdmm.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/bus/mips_cdmm.c b/drivers/bus/mips_cdmm.c
index 9f7ed1fcd..e43786c67 100644
--- a/drivers/bus/mips_cdmm.c
+++ b/drivers/bus/mips_cdmm.c
@@ -561,7 +561,6 @@ static void mips_cdmm_bus_discover(struct mips_cdmm_bus *bus)
 		ret = device_register(&dev->dev);
 		if (ret) {
 			put_device(&dev->dev);
-			kfree(dev);
 		}
 	}
 }
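Review bot: in the `if (ret)` branch, deleting `kfree(dev);` leaves `put_device(&dev->dev);` as the only statement, so the braces around it should be removed as well to match kernel coding style. The commit message would also be more precise if it called this a double free: by its own description the object is already freed through put_device(), and the deleted kfree() released it a second time. Naming the release callback that performs that free would let a reader confirm the ownership rule from the log alone.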
-- 
2.23.0



* Re: [PATCH] mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
From: Serge Semin @ 2020-11-20 14:06 UTC (permalink / raw)
  To: Qinglang Miao; +Cc: Thomas Bogendoerfer, linux-mips, linux-kernel

Hello Qinglang

Thanks for the patch. Good catch. Please see a tiny nitpick below.

On Fri, Nov 20, 2020 at 03:48:47PM +0800, Qinglang Miao wrote:
> kfree(dev) has been called inside put_device so another
> kfree would cause a use-after-free bug.
> 
> Fixes: 8286ae03308c ("MIPS: Add CDMM bus support")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
> ---
>  drivers/bus/mips_cdmm.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/drivers/bus/mips_cdmm.c b/drivers/bus/mips_cdmm.c
> index 9f7ed1fcd..e43786c67 100644
> --- a/drivers/bus/mips_cdmm.c
> +++ b/drivers/bus/mips_cdmm.c
> @@ -561,7 +561,6 @@ static void mips_cdmm_bus_discover(struct mips_cdmm_bus *bus)
>  		ret = device_register(&dev->dev);

>  		if (ret) {
>  			put_device(&dev->dev);
> -			kfree(dev);
>  		}

After removing kfree() from here the braces around the if clause
are no longer needed in accordance with the kernel coding style.
Please remove them too. Then feel free to add the tag
Acked-by: Serge Semin <fancer.lancer@gmail.com>

-Sergey

>  	}
>  }
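Review bot: on the `device_register()` failure path, `ret` is only used to select the `put_device()` branch and is then dropped, because the loop body ends right after the `if`. Consider emitting a warning there, placed before the `put_device(&dev->dev);` call while the object is still valid, so a CDMM device that fails to register shows up in the kernel log.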
> -- 
> 2.23.0
> 


* Re: [PATCH] mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
From: Thomas Bogendoerfer @ 2020-11-27  9:33 UTC (permalink / raw)
  To: Qinglang Miao; +Cc: Serge Semin, linux-mips, linux-kernel

On Fri, Nov 20, 2020 at 03:48:47PM +0800, Qinglang Miao wrote:
> kfree(dev) has been called inside put_device so another
> kfree would cause a use-after-free bug.
> 
> Fixes: 8286ae03308c ("MIPS: Add CDMM bus support")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
> ---
>  drivers/bus/mips_cdmm.c | 1 -
>  1 file changed, 1 deletion(-)

applied with braces removal to mips-next.

Thomas.

-- 
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea.                                                [ RFC1925, 2.3 ]
