lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Mar 2019 22:59:05 -0700
From:   Josh Gao <jmgao@...gle.com>
To:     fei.yang@...el.com
Cc:     balbi@...nel.org, gregkh@...uxfoundation.org,
        Jerry Zhang <zhangjerry@...gle.com>, andrzej.p@...labora.com,
        plr.vincent@...il.com, jingx.shen@...el.com,
        John Stultz <john.stultz@...aro.org>,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] usb: gadget: f_fs: don't free buffer prematurely

On Tue, Mar 19, 2019 at 10:56 PM Josh Gao <jmgao@...gle.com> wrote:
>
> On Tue, Mar 19, 2019 at 10:32 PM <fei.yang@...el.com> wrote:
> >
> > From: Fei Yang <fei.yang@...el.com>
> >
> > The following kernel panic happens due to the io_data buffer gets deallocated
> > before the async io is completed. Add a check for the case where io_data buffer
> > should be deallocated by ffs_user_copy_worker.
>
> It looks like this happened because data got renamed to io_data, which made the
> `data = NULL` marked with "Do not kfree the buffer in this function" not do
> what it was hoping. This should probably either delete the assignment above or
> fix the assignment to refer to io_data? (EIOCBQUEUED presumably can't come from
> elsewhere?)

(except ffs_free_buffer doesn't check for null, so probably the former)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ