| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jun 2022 09:41:43 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...ts.01.org,
Christian 'Ansuel' Marangi <ansuelsmth@...il.com>,
MyungJoo Ham <myungjoo.ham@...sung.com>,
Kyungmin Park <kyungmin.park@...sung.com>,
Chanwoo Choi <cw00.choi@...sung.com>,
Saravana Kannan <skannan@...eaurora.org>,
Sibi Sankar <sibis@...eaurora.org>, linux-pm@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: lkp@...el.com, kbuild-all@...ts.01.org,
Christian 'Ansuel' Marangi <ansuelsmth@...il.com>
Subject: Re: [PATCH 1/5] PM / devfreq: Fix cpufreq passive unregister
erroring on PROBE_DEFER
Hi Christian,
url: https://github.com/intel-lab-lkp/linux/commits/Christian-Ansuel-Marangi/PM-devfreq-Various-Fixes-to-cpufreq-based-passive-governor/20220606-191335
base: https://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/linux.git devfreq-testing
config: i386-randconfig-m021 (https://download.01.org/0day-ci/archive/20220610/202206101102.4JCYtCjM-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-1) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
smatch warnings:
drivers/devfreq/governor_passive.c:235 cpufreq_passive_unregister_notifier() error: dereferencing freed memory 'parent_cpu_data'
vim +/parent_cpu_data +235 drivers/devfreq/governor_passive.c
a03dacb0316f74 Saravana Kannan 2021-03-02 221 static int cpufreq_passive_unregister_notifier(struct devfreq *devfreq)
a03dacb0316f74 Saravana Kannan 2021-03-02 222 {
a03dacb0316f74 Saravana Kannan 2021-03-02 223 struct devfreq_passive_data *p_data
a03dacb0316f74 Saravana Kannan 2021-03-02 224 = (struct devfreq_passive_data *)devfreq->data;
a03dacb0316f74 Saravana Kannan 2021-03-02 225 struct devfreq_cpu_data *parent_cpu_data;
2d59e1f0c418bf Christian 'Ansuel' Marangi 2022-06-06 226 int ret;
a03dacb0316f74 Saravana Kannan 2021-03-02 227
a03dacb0316f74 Saravana Kannan 2021-03-02 228 if (p_data->nb.notifier_call) {
a03dacb0316f74 Saravana Kannan 2021-03-02 229 ret = cpufreq_unregister_notifier(&p_data->nb,
a03dacb0316f74 Saravana Kannan 2021-03-02 230 CPUFREQ_TRANSITION_NOTIFIER);
a03dacb0316f74 Saravana Kannan 2021-03-02 231 if (ret < 0)
a03dacb0316f74 Saravana Kannan 2021-03-02 232 return ret;
a03dacb0316f74 Saravana Kannan 2021-03-02 233 }
a03dacb0316f74 Saravana Kannan 2021-03-02 234
2d59e1f0c418bf Christian 'Ansuel' Marangi 2022-06-06 @235 list_for_each_entry(parent_cpu_data, &p_data->cpu_data_list, node) {
This needs to be list_for_each_entry_safe()
26984d9d581e50 Chanwoo Choi 2022-04-27 236 list_del(&parent_cpu_data->node);
Otherwise it will only iterate one time
2d59e1f0c418bf Christian 'Ansuel' Marangi 2022-06-06 237
a03dacb0316f74 Saravana Kannan 2021-03-02 238 if (parent_cpu_data->opp_table)
a03dacb0316f74 Saravana Kannan 2021-03-02 239 dev_pm_opp_put_opp_table(parent_cpu_data->opp_table);
2d59e1f0c418bf Christian 'Ansuel' Marangi 2022-06-06 240
a03dacb0316f74 Saravana Kannan 2021-03-02 241 kfree(parent_cpu_data);
And it will dereference a freed pointer
a03dacb0316f74 Saravana Kannan 2021-03-02 242 }
a03dacb0316f74 Saravana Kannan 2021-03-02 243
2d59e1f0c418bf Christian 'Ansuel' Marangi 2022-06-06 244 return 0;
a03dacb0316f74 Saravana Kannan 2021-03-02 245 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists