| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Jul 2022 10:47:39 +0200
From: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
To: "Rafael J. Wysocki" <rafael@...nel.org>
Cc: linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: pm_runtime_resume_and_get in .remove callbacks
Hello,
there is a big bunch of kernel drivers (here:
drivers/i2c/busses/i2c-sprd.c) that have a remove callback that looks as
follows:
static int sprd_i2c_remove(struct platform_device *pdev)
{
struct sprd_i2c *i2c_dev = platform_get_drvdata(pdev);
int ret;
ret = pm_runtime_resume_and_get(i2c_dev->dev);
if (ret < 0)
return ret;
i2c_del_adapter(&i2c_dev->adap);
clk_disable_unprepare(i2c_dev->clk);
pm_runtime_put_noidle(i2c_dev->dev);
pm_runtime_disable(i2c_dev->dev);
return 0;
}
If pm_runtime_resume_and_get fails, the i2c adapter isn't removed, but
as the memory backing i2c_dev goes away---it was allocated using
devm_kzalloc in .probe()---the next i2c action will probably access
freed memory.
I'm not familiar enough with pm-runtime stuff, but wonder what
can/should be done about that. The obvious (to me) candidates are:
- log an error if pm_runtime_resume_and_get() fails, but continue to
clean up
- don't check the return value at all
What do you think?
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | https://www.pengutronix.de/ |
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists