| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YMjKQnFRi0feSYiI@kroah.com>
Date: Tue, 15 Jun 2021 17:41:54 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Johannes Thumshirn <johannes.thumshirn@....com>
Cc: linux-kernel@...r.kernel.org,
Dan Carpenter <dan.carpenter@...cle.com>,
Johannes Thumshirn <jth@...nel.org>
Subject: Re: [PATCH 2/3] mcb: fix error handling in mcb_alloc_bus()
On Tue, Jun 15, 2021 at 11:55:29PM +0900, Johannes Thumshirn wrote:
> From: Dan Carpenter <dan.carpenter@...cle.com>
>
> There are two bugs:
> 1) If ida_simple_get() fails then this code calls put_device(carrier)
> but we haven't yet called get_device(carrier) and probably that
> leads to a use after free.
> 2) After device_initialize() then we need to use put_device() to
> release the bus. This will free the internal resources tied to the
> device and call mcb_free_bus() which will free the rest.
>
> Fixes: 5d9e2ab9fea4 ("mcb: Implement bus->dev.release callback")
> Fixes: 18d288198099 ("mcb: Correctly initialize the bus's device")
> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> Signed-off-by: Johannes Thumshirn <jth@...nel.org>
> ---
> drivers/mcb/mcb-core.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
Shouldn't this go to the stable kernels? Why not cc: stable in the
signed-off-by lines?
thanks,
greg k-h
Powered by blists - more mailing lists