lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171212192942.GE53955@bhelgaas-glaptop.roam.corp.google.com> Date: Tue, 12 Dec 2017 13:29:42 -0600 From: Bjorn Helgaas <helgaas@...nel.org> To: Geert Uytterhoeven <geert+renesas@...der.be> Cc: Simon Horman <horms@...ge.net.au>, Lorenzo Pieralisi <lorenzo.pieralisi@....com>, Bjorn Helgaas <bhelgaas@...gle.com>, Harunobu Kurokawa <harunobu.kurokawa.dn@...esas.com>, Phil Edworthy <phil.edworthy@...esas.com>, linux-pci@...r.kernel.org, linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/2] PCI: rcar: Fix use-after-free in probe error path On Thu, Dec 07, 2017 at 11:15:19AM +0100, Geert Uytterhoeven wrote: > If CONFIG_DEBUG_SLAB=y, and no PCIe card is inserted, the kernel crashes > during probe on r8a7791/koelsch: > > rcar-pcie fe000000.pcie: PCIe link down > Unable to handle kernel paging request at virtual address 6b6b6b6b > > (seeing this message requires earlycon and keep_bootcon). > > Indeed, pci_free_host_bridge() frees the PCI host bridge, including the > embedded rcar_pcie object, so pci_free_resource_list() must not be > called afterwards. > > To fix this, move the call to pci_free_resource_list() up, and update the > label name accordingly. > > Fixes: ddd535f1ea3eb27e ("PCI: rcar: Fix memory leak when no PCIe card is inserted") > Signed-off-by: Geert Uytterhoeven <geert+renesas@...der.be> Applied with Simon's and Lorenzo's acks to for-linus for v4.15, thanks! I'll leave the second patch up to Lorenzo for v4.16, since it doesn't seem as critical. > --- > drivers/pci/host/pcie-rcar.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/pci/host/pcie-rcar.c b/drivers/pci/host/pcie-rcar.c > index 12796eccb2befd91..52ab3cb0a0bfe065 100644 > --- a/drivers/pci/host/pcie-rcar.c > +++ b/drivers/pci/host/pcie-rcar.c > @@ -1128,12 +1128,12 @@ static int rcar_pcie_probe(struct platform_device *pdev) > err = rcar_pcie_get_resources(pcie); > if (err < 0) { > dev_err(dev, "failed to request resources: %d\n", err); > - goto err_free_bridge; > + goto err_free_resource_list; > } > > err = rcar_pcie_parse_map_dma_ranges(pcie, dev->of_node); > if (err) > - goto err_free_bridge; > + goto err_free_resource_list; > > pm_runtime_enable(dev); > err = pm_runtime_get_sync(dev); > @@ -1176,9 +1176,9 @@ static int rcar_pcie_probe(struct platform_device *pdev) > err_pm_disable: > pm_runtime_disable(dev); > > -err_free_bridge: > - pci_free_host_bridge(bridge); > +err_free_resource_list: > pci_free_resource_list(&pcie->resources); > + pci_free_host_bridge(bridge); > > return err; > } > -- > 2.7.4 >
Powered by blists - more mailing lists