Date:   Tue, 14 Sep 2021 12:58:30 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, Ian Pilcher <arequipeno@...il.com>,
        axboe@...nel.dk, pavel@....cz
Cc:     lkp@...el.com, kbuild-all@...ts.01.org, linux-leds@...r.kernel.org,
        linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
        gregkh@...uxfoundation.org, kabel@...nel.org
Subject: Re: [PATCH v2 12/15] leds: trigger: blkdev: Enable unlinking block
 devices from LEDs

Hi Ian,

url:    https://github.com/0day-ci/linux/commits/Ian-Pilcher/Introduce-block-device-LED-trigger/20210910-062756
base:   a3fa7a101dcff93791d1b1bdb3affcad1410c8c1
config: i386-randconfig-m021-20210912 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

smatch warnings:
drivers/leds/trigger/ledtrig-blkdev.c:410 blkdev_disk_unlink_locked() error: dereferencing freed memory 'disk'

vim +/disk +410 drivers/leds/trigger/ledtrig-blkdev.c

66cb682de7e8bd Ian Pilcher 2021-09-09  388  static void blkdev_disk_unlink_locked(struct ledtrig_blkdev_led *const led,
66cb682de7e8bd Ian Pilcher 2021-09-09  389  				      struct ledtrig_blkdev_link *const link,
66cb682de7e8bd Ian Pilcher 2021-09-09  390  				      struct ledtrig_blkdev_disk *const disk)
66cb682de7e8bd Ian Pilcher 2021-09-09  391  {
66cb682de7e8bd Ian Pilcher 2021-09-09  392  	--ledtrig_blkdev_count;
66cb682de7e8bd Ian Pilcher 2021-09-09  393  
66cb682de7e8bd Ian Pilcher 2021-09-09  394  	if (ledtrig_blkdev_count == 0)
66cb682de7e8bd Ian Pilcher 2021-09-09  395  		WARN_ON(!cancel_delayed_work_sync(&ledtrig_blkdev_work));
66cb682de7e8bd Ian Pilcher 2021-09-09  396  
66cb682de7e8bd Ian Pilcher 2021-09-09  397  	sysfs_remove_link(led->dir, disk->gd->disk_name);
66cb682de7e8bd Ian Pilcher 2021-09-09  398  	sysfs_remove_link(disk->dir, led->led_dev->name);
66cb682de7e8bd Ian Pilcher 2021-09-09  399  	kobject_put(disk->dir);
66cb682de7e8bd Ian Pilcher 2021-09-09  400  
66cb682de7e8bd Ian Pilcher 2021-09-09  401  	hlist_del(&link->led_disks_node);
66cb682de7e8bd Ian Pilcher 2021-09-09  402  	hlist_del(&link->disk_leds_node);
66cb682de7e8bd Ian Pilcher 2021-09-09  403  	kfree(link);
66cb682de7e8bd Ian Pilcher 2021-09-09  404  
66cb682de7e8bd Ian Pilcher 2021-09-09  405  	if (hlist_empty(&disk->leds)) {
66cb682de7e8bd Ian Pilcher 2021-09-09  406  		disk->gd->ledtrig = NULL;
66cb682de7e8bd Ian Pilcher 2021-09-09  407  		kfree(disk);
                                                              ^^^^
Freed.

66cb682de7e8bd Ian Pilcher 2021-09-09  408  	}
66cb682de7e8bd Ian Pilcher 2021-09-09  409  
66cb682de7e8bd Ian Pilcher 2021-09-09 @410  	put_disk(disk->gd);
                                                         ^^^^^^^^
Dereference after free.

66cb682de7e8bd Ian Pilcher 2021-09-09  411  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
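
The ordering problem reported above, reduced to a userspace model. This is an added example, not part of the original message and not code from the patch series; the *_model types and the unlink_flagged()/unlink_fixed() names are hypothetical stand-ins, and caching the gendisk pointer is one possible correction, assumed here rather than taken from the thread.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for struct gendisk and struct ledtrig_blkdev_disk. */
struct gendisk_model { int refs; void *ledtrig; };
struct blkdev_disk_model { struct gendisk_model *gd; int nr_leds; };

/* Models put_disk(): drops one reference on the gendisk. */
static void put_disk_model(struct gendisk_model *gd) { gd->refs--; }

/* Flagged ordering (lines 405-410 of the listing). Shown for contrast, never called. */
void unlink_flagged(struct blkdev_disk_model *disk)
{
	if (--disk->nr_leds == 0) {	/* models hlist_empty(&disk->leds) */
		disk->gd->ledtrig = NULL;
		free(disk);
	}
	put_disk_model(disk->gd);	/* reads disk after it may have been freed */
}

/* Corrected ordering: copy the pointer out while disk is still valid. */
void unlink_fixed(struct blkdev_disk_model *disk)
{
	struct gendisk_model *gd = disk->gd;

	if (--disk->nr_leds == 0) {
		gd->ledtrig = NULL;
		free(disk);
	}
	put_disk_model(gd);		/* no access to disk after free() */
}

/* Unlinks one LED from a disk that has nr_leds links (constructed input).
 * Returns the remaining gendisk refs, or -1 if ledtrig ended in the wrong state. */
int demo_fixed(int nr_leds)
{
	int marker = 0;
	struct gendisk_model gd = { .refs = 2, .ledtrig = &marker };
	struct blkdev_disk_model *disk = malloc(sizeof(*disk));

	if (!disk)
		return -1;
	disk->gd = &gd;
	disk->nr_leds = nr_leds;
	unlink_fixed(disk);
	if (nr_leds > 1)
		free(disk);		/* still owned by the caller in this case */
	return ((gd.ledtrig == NULL) == (nr_leds == 1)) ? gd.refs : -1;
}

int main(void) { return (demo_fixed(1) == 1 && demo_fixed(2) == 1) ? 0 : 1; }
```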
