lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7052d19a-54cb-d634-f195-dbd8ef37f1e7@huawei.com>
Date:   Thu, 27 May 2021 21:49:53 +0800
From:   Yang Yingliang <yangyingliang@...wei.com>
To:     Miquel Raynal <miquel.raynal@...tlin.com>
CC:     <linux-kernel@...r.kernel.org>, <linux-i3c@...ts.infradead.org>,
        <alexandre.belloni@...tlin.com>
Subject: Re: [PATCH -next] i3c: master: svc: drop free_irq of devm_request_irq
 allocated irq

Hi,

On 2021/5/27 18:01, Miquel Raynal wrote:
> Hi Yang,
>
> Yang Yingliang <yangyingliang@...wei.com> wrote on Tue, 18 May 2021
> 21:11:27 +0800:
>
>> irq allocated with devm_request_irq should not be freed using
>> free_irq, because doing so causes a dangling pointer, and a
>> subsequent double free.
>>
>> Reported-by: Hulk Robot <hulkci@...wei.com>
>> Signed-off-by: Yang Yingliang <yangyingliang@...wei.com>
>> ---
>>   drivers/i3c/master/svc-i3c-master.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c
>> index 1f6ba4221817..761c9c468357 100644
>> --- a/drivers/i3c/master/svc-i3c-master.c
>> +++ b/drivers/i3c/master/svc-i3c-master.c
>> @@ -1448,7 +1448,7 @@ static int svc_i3c_master_remove(struct platform_device *pdev)
>>   	if (ret)
>>   		return ret;
>>   
>> -	free_irq(master->irq, master);
>> +	devm_free_irq(&pdev->dev, master->irq, master);
> Wouldn't removing this call the right solution? If it's a device
> managed resource, it won't probably be needed to free it explicitly in
> the remove path.
Some drivers would expect to free irq itself, I am not sure if it's ok 
to remove
the free_irq() in i3c, I just keep the original logic here and avoid 
double free.

Thanks,
Yang
>
>>   	clk_disable_unprepare(master->pclk);
>>   	clk_disable_unprepare(master->fclk);
>>   	clk_disable_unprepare(master->sclk);
> Thanks,
> Miquèl
> .

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ