lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 6 Mar 2019 18:28:33 +0100
From:   Anders Roxell <anders.roxell@...aro.org>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     erico.nunes@...acom.ind.br, wsa@...-dreams.de,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: BUG: KASAN: i2c dev use after free

On Mon, 4 Mar 2019 at 16:37, Dan Carpenter <dan.carpenter@...cle.com> wrote:
>
> I wasn't trying to fix anything so complicated as this, it was a
> more obvious use after free.  It does feel intuitively that we should
> call device_destroy() before the cdev_del() so that it's in the reverse
> order from how it was allocated but I don't see any reason to think
> that will make a difference.

No that didn't make any difference... =/

>
> ---
>  drivers/i2c/i2c-dev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
> index 3f7b9af11137..7e85e2cf26c1 100644
> --- a/drivers/i2c/i2c-dev.c
> +++ b/drivers/i2c/i2c-dev.c
> @@ -687,9 +687,9 @@ static int i2cdev_detach_adapter(struct device *dev, void *dummy)
>         if (!i2c_dev) /* attach_adapter must have failed */
>                 return 0;
>
> +       device_destroy(i2c_dev_class, MKDEV(I2C_MAJOR, adap->nr));
>         cdev_del(&i2c_dev->cdev);
>         put_i2c_dev(i2c_dev);
> -       device_destroy(i2c_dev_class, MKDEV(I2C_MAJOR, adap->nr));
>
>         pr_debug("i2c-dev: adapter [%s] unregistered\n", adap->name);
>         return 0;
> --
> 2.17.1
>

Powered by blists - more mailing lists