lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 27 Feb 2019 07:08:20 +0100 (CET)
From:   Julia Lawall <julia.lawall@...6.fr>
To:     Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>
cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Kishon Vijay Abraham I <kishon@...com>,
        "Sergei Shtylyov (sergei.shtylyov@...entembedded.com)" 
        <sergei.shtylyov@...entembedded.com>
Subject: RE: question about drivers/phy/renesas/phy-rcar-gen2.c



On Wed, 27 Feb 2019, Yoshihiro Shimoda wrote:

> Hello,
>
> > From: Julia Lawall, Sent: Tuesday, February 26, 2019 6:01 PM
> >
> > On Tue, 26 Feb 2019, Yoshihiro Shimoda wrote:
> >
> > > Hello,
> > > (Sergei made this code, so I added his email as CC)
> > >
> > > I'm sorry for the delayed response.
> > >
> > > > From: Julia Lawall, Sent: Sunday, February 3, 2019 4:03 PM
> > > >
> > > > Hello,
> > > >
> > > > I was wondering whether phy-rcar-gen2.c would use dynamically allocated
> > > > device nodes?
> > >
> > > I'm sorry, but what is "dynamically allocated device nodes"?
> >
> > Device nodes for which there will be a meor leak if one doesn't put
> > of_node_put.
>
> Thank you. I understood it.
>
> > julia
> >
> > >
> > > Best regards,
> > > Yoshihiro Shimoda
> > >
> > > >  If so, it looks like the following code could cause a
> > > > use-after-free, due to not incrementing th reference count:
> > > >
> > > > 	for_each_child_of_node(dev->of_node, np) {
> > > > 		struct rcar_gen2_channel *channel = drv->channels + i;
> > > > 		u32 channel_num;
> > > > 		int error, n;
> > > >
> > > > 		channel->of_node = np;
>
> IIUC, since the channel->of_node will be used for comparing the pointer
> in rcar_gen2_phy_xlate(), it is not use-after-free.
> However, the for_each_child_of_node() in rcar_gen2_phy_probe() will return
> without of_put_node() at error paths. So, I'll submit a bugfix patch later.
>
> Thank you very much for your report!

Thanks for taking care of it.

julia

>
> Best regards,
> Yoshihiro Shimoda
>
> > > > 		...
> > > > 	}
> > > >
> > > > On the other hand, if the reference cound it incrememnted, preventing
> > > > memory leaks in the case where the probe function fails would entail some
> > > > complex rewriting of the code, so I thought it would be better to ask
> > > > first.
> > > >
> > > > thanks,
> > > > julia
> > >
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ