lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1466637064-4662-1-git-send-email-khoroshilov@ispras.ru>
Date:	Thu, 23 Jun 2016 00:11:04 +0100
From:	Alexey Khoroshilov <khoroshilov@...ras.ru>
To:	Shuah Khan <shuahkh@....samsung.com>,
	Mauro Carvalho Chehab <mchehab@....samsung.com>
Cc:	Alexey Khoroshilov <khoroshilov@...ras.ru>,
	linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
	ldv-project@...uxtesting.org
Subject: [BUG] au0828: dev->lock in au0828_usb_probe()

It is not quite clear what does mutex_lock(&dev->lock) defend against.

If there is a chance that some other code can try to lock the mutex during probe(),
then 
  mutex_unlock(&dev->lock);
  kfree(dev);
looks suspicious, because when that code get control form mutex_lock(dev->lock)
the dev could be already freed.

Otherwise, dev->lock should not be acquired so early.

Another problem is that on the path going via goto done
there is no mutex_unlock(&dev->lock).

Found by Linux Driver Verification project (linuxtesting.org).

--
Alexey Khoroshilov
Linux Verification Center, ISPRAS
web: http://linuxtesting.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ