lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Jun 2022 09:06:20 +0200
From:   Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
To:     Kunihiko Hayashi <hayashi.kunihiko@...ionext.com>
Cc:     Michael Turquette <mturquette@...libre.com>,
        Stephen Boyd <sboyd@...nel.org>, linux-clk@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] clk: Fix referring to wrong pointer in devm_clk_release()

Hello,

On Thu, Jun 23, 2022 at 10:02:22AM +0900, Kunihiko Hayashi wrote:
> At bind phase, __devm_clk_get() calls devres_alloc() to allocate devres,
> and dr->data is treated as a variable "state".
> 
> At unbind phase, release_nodes() calls devm_clk_release() specified by
> devres_alloc().
> 
> The argument "res" of devm_clk_release() is dr->data, and this entity is
> "state", however in devm_clk_release(), "*res" is treated as "state",
> resulting in pointer inconsistency.
> 
> Unbinding a driver caused a panic.
> 
>     Unable to handle kernel execute from non-executable memory
>     at virtual address ffff000100236810
>     ...
>     pc : 0xffff000100236810
>     lr : devm_clk_release+0x6c/0x9c
>     ...
>     Call trace:
>      0xffff000100236810
>      release_nodes+0xb0/0x150
>      devres_release_all+0x94/0xf8
>      device_unbind_cleanup+0x20/0x70
>      device_release_driver_internal+0x114/0x1a0
>      device_driver_detach+0x20/0x30
> 
> Cc: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
> Fixes: abae8e57e49a ("clk: generalize devm_clk_get() a bit")
> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@...ionext.com>

This is already fixed in clk-next:

	https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/commit/?h=clk-next&id=8b3d743fc9e2542822826890b482afabf0e7522a

Thanks anyhow,
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ