| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <050a390d-1ede-04ee-3870-9434ffd671b8@linaro.org>
Date: Thu, 23 Jun 2022 10:15:33 +0200
From: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To: Hangyu Hua <hbh25y@...il.com>, bjorn.andersson@...aro.org,
mathieu.poirier@...aro.org, gregkh@...uxfoundation.org
Cc: linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rpmsg: fix possible refcount leak in
rpmsg_register_device_override()
On 23/06/2022 09:36, Hangyu Hua wrote:
> [1] commit 1680939e9ecf ("rpmsg: virtio: Fix possible double free in
> rpmsg_virtio_add_ctrl_dev()")
> [2] commit c2eecefec5df ("rpmsg: virtio: Fix possible double free in
> rpmsg_probe()")
> [3] commit bb17d110cbf2 ("rpmsg: Fix calling device_lock() on
> non-initialized device")
I think only the last [3] introduced it, because it's the commit missing
put_device in first error path.
>
> The above three patches merged at the same time introduced a new bug.
> [1] and [2] make rpmsg_ns_register_device and rpmsg_ctrldev_register_device
> need to call the callback function internally to free vch when it fails.
> [3] has an error return path not handled vch.
>
> Fix this by adding a put_device() to the error path.
>
> Fixes: bb17d110cbf2 ("rpmsg: Fix calling device_lock() on non-initialized device")
> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
Best regards,
Krzysztof
Powered by blists - more mailing lists