lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8A42379416420646B9BFAC9682273B6D56269C@limkexm3.ad.analog.com>
Date:	Tue, 8 Apr 2008 18:13:33 +0100
From:	"Hennerich, Michael" <Michael.Hennerich@...log.com>
To:	"Dmitry Torokhov" <dmitry.torokhov@...il.com>,
	"Bryan Wu" <bryan.wu@...log.com>
Cc:	<linux-input@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	"Michael Hennerich" <michael.hennerich@...log.com>
Subject: RE: [PATCH 1/1] Input/Touchscreen Driver: add support AD7877touchscreen driver



>-----Original Message-----
>From: Dmitry Torokhov [mailto:dmitry.torokhov@...il.com]
>Sent: Montag, 7. April 2008 22:16
>To: Bryan Wu
>Cc: linux-input@...r.kernel.org; linux-kernel@...r.kernel.org; Michael
>Hennerich
>Subject: Re: [PATCH 1/1] Input/Touchscreen Driver: add support
>AD7877touchscreen driver
>
>Hi Bryan, Michael,
>
>On Thu, Feb 14, 2008 at 05:17:28PM +0800, Bryan Wu wrote:
>> From: Michael Hennerich <michael.hennerich@...log.com>
>>
>> [try #3] Changlog (Add feedback from Dmitry Torokhov):
>>  - Change handling of spi_sync / spi_async return value handling
>>  - Remove depreciated dev->power.power_state
>>  - Fix error return path in ad7877_probe
>>  - delete pending kernel timer
>>  - Some minor cleanup (indention, use dev_err etc.)
>
>Sorry for the long silence... I have a couple of comments at the moment
>but I am sure i will have more ;)
>
>> +
>> +	status = spi_sync(spi, &req->msg);
>> +
>> +	if (status == 0)
>> +		status = req->msg.status;
>> +
>> +	kfree(req);
>> +	return status ? status : req->sample;
>
>Use after free here.

Yeah this is definitely broken. 

>
>> +
>> +	ts->irq_disabled = 1;
>> +	disable_irq(spi->irq);
>
>I am a bit uneasy here... do we need to wait for an async spi
completion
>here before proceeding? Overall I have some concerns about the
>irq/spi/removal/sysfs iteractions, I will need some more time to look
>through the driver.


I think you are right - let me come up with a patch.

Thanks and best regards,
Michael

>
>> +	status = spi_sync(spi, &req->msg);
>> +	ts->irq_disabled = 0;
>> +	enable_irq(spi->irq);
>> +
>
>--
>Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ