| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Dec 2017 09:29:34 +0100
From: Simon Horman <horms@...ge.net.au>
To: Bjorn Helgaas <helgaas@...nel.org>
Cc: Geert Uytterhoeven <geert+renesas@...der.be>,
Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Harunobu Kurokawa <harunobu.kurokawa.dn@...esas.com>,
Phil Edworthy <phil.edworthy@...esas.com>,
linux-pci@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] PCI: rcar: Fix use-after-free in probe error path
On Tue, Dec 12, 2017 at 01:29:42PM -0600, Bjorn Helgaas wrote:
> On Thu, Dec 07, 2017 at 11:15:19AM +0100, Geert Uytterhoeven wrote:
> > If CONFIG_DEBUG_SLAB=y, and no PCIe card is inserted, the kernel crashes
> > during probe on r8a7791/koelsch:
> >
> > rcar-pcie fe000000.pcie: PCIe link down
> > Unable to handle kernel paging request at virtual address 6b6b6b6b
> >
> > (seeing this message requires earlycon and keep_bootcon).
> >
> > Indeed, pci_free_host_bridge() frees the PCI host bridge, including the
> > embedded rcar_pcie object, so pci_free_resource_list() must not be
> > called afterwards.
> >
> > To fix this, move the call to pci_free_resource_list() up, and update the
> > label name accordingly.
> >
> > Fixes: ddd535f1ea3eb27e ("PCI: rcar: Fix memory leak when no PCIe card is inserted")
> > Signed-off-by: Geert Uytterhoeven <geert+renesas@...der.be>
>
> Applied with Simon's and Lorenzo's acks to for-linus for v4.15, thanks!
>
> I'll leave the second patch up to Lorenzo for v4.16, since it doesn't seem
> as critical.
Thanks Bjorn, that's fine by me.
Powered by blists - more mailing lists