| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL_JsqKZ=g16jZ_SZX2qi-ecE-hvQ+-UfUw40=+ztiM-Zpsq9A@mail.gmail.com>
Date: Tue, 18 Dec 2018 09:43:07 -0600
From: Rob Herring <robh+dt@...nel.org>
To: Frank Rowand <frowand.list@...il.com>
Cc: mwb@...ux.vnet.ibm.com,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>,
Michael Ellerman <mpe@...erman.id.au>,
Tyrel Datwyler <tyreld@...ux.vnet.ibm.com>,
tlfalcon@...ux.vnet.ibm.com, minkim@...ibm.com,
devicetree@...r.kernel.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 0/2] of: phandle_cache, fix refcounts, remove stale entry
On Mon, Dec 17, 2018 at 1:56 AM <frowand.list@...il.com> wrote:
>
> From: Frank Rowand <frank.rowand@...y.com>
>
> Non-overlay dynamic devicetree node removal may leave the node in
> the phandle cache. Subsequent calls to of_find_node_by_phandle()
> will incorrectly find the stale entry. This bug exposed the foloowing
> phandle cache refcount bug.
>
> The refcount of phandle_cache entries is not incremented while in
> the cache, allowing use after free error after kfree() of the
> cached entry.
>
> Changes since v1:
> - make __of_free_phandle_cache() static
> - add WARN_ON(1) for unexpected condition in of_find_node_by_phandle()
>
> Frank Rowand (2):
> of: of_node_get()/of_node_put() nodes held in phandle cache
> of: __of_detach_node() - remove node from phandle cache
I'll send this to Linus this week if I get a tested by. Otherwise, it
will go in for 4.21.
Rob
Powered by blists - more mailing lists