| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2d7eaa45-2193-7fcb-5c9b-6394bab2ae95@gmail.com>
Date: Thu, 23 Jun 2022 18:53:41 +0800
From: Hangyu Hua <hbh25y@...il.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
bjorn.andersson@...aro.org, mathieu.poirier@...aro.org,
gregkh@...uxfoundation.org
Cc: linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rpmsg: fix possible refcount leak in
rpmsg_register_device_override()
On 2022/6/23 16:15, Krzysztof Kozlowski wrote:
> On 23/06/2022 09:36, Hangyu Hua wrote:
>> [1] commit 1680939e9ecf ("rpmsg: virtio: Fix possible double free in
>> rpmsg_virtio_add_ctrl_dev()")
>> [2] commit c2eecefec5df ("rpmsg: virtio: Fix possible double free in
>> rpmsg_probe()")
>> [3] commit bb17d110cbf2 ("rpmsg: Fix calling device_lock() on
>> non-initialized device")
>
> I think only the last [3] introduced it, because it's the commit missing
> put_device in first error path.
>
I see. Do i need to change the commit log and then send a v2?
>>
>> The above three patches merged at the same time introduced a new bug.
>> [1] and [2] make rpmsg_ns_register_device and rpmsg_ctrldev_register_device
>> need to call the callback function internally to free vch when it fails.
>> [3] has an error return path not handled vch.
>>
>> Fix this by adding a put_device() to the error path.
>>
>> Fixes: bb17d110cbf2 ("rpmsg: Fix calling device_lock() on non-initialized device")
>> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
>
>
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
>
> Best regards,
> Krzysztof
Powered by blists - more mailing lists