lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171213082933.dpswh3x234bu4dhu@verge.net.au>
Date:   Wed, 13 Dec 2017 09:29:34 +0100
From:   Simon Horman <horms@...ge.net.au>
To:     Bjorn Helgaas <helgaas@...nel.org>
Cc:     Geert Uytterhoeven <geert+renesas@...der.be>,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Harunobu Kurokawa <harunobu.kurokawa.dn@...esas.com>,
        Phil Edworthy <phil.edworthy@...esas.com>,
        linux-pci@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] PCI: rcar: Fix use-after-free in probe error path

On Tue, Dec 12, 2017 at 01:29:42PM -0600, Bjorn Helgaas wrote:
> On Thu, Dec 07, 2017 at 11:15:19AM +0100, Geert Uytterhoeven wrote:
> > If CONFIG_DEBUG_SLAB=y, and no PCIe card is inserted, the kernel crashes
> > during probe on r8a7791/koelsch:
> > 
> >     rcar-pcie fe000000.pcie: PCIe link down
> >     Unable to handle kernel paging request at virtual address 6b6b6b6b
> > 
> > (seeing this message requires earlycon and keep_bootcon).
> > 
> > Indeed, pci_free_host_bridge() frees the PCI host bridge, including the
> > embedded rcar_pcie object, so pci_free_resource_list() must not be
> > called afterwards.
> > 
> > To fix this, move the call to pci_free_resource_list() up, and update the
> > label name accordingly.
> > 
> > Fixes: ddd535f1ea3eb27e ("PCI: rcar: Fix memory leak when no PCIe card is inserted")
> > Signed-off-by: Geert Uytterhoeven <geert+renesas@...der.be>
> 
> Applied with Simon's and Lorenzo's acks to for-linus for v4.15, thanks!
> 
> I'll leave the second patch up to Lorenzo for v4.16, since it doesn't seem
> as critical.

Thanks Bjorn, that's fine by me.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ