| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220927020158.1218469-1-ouyangweizhao@zeku.com>
Date: Tue, 27 Sep 2022 10:01:58 +0800
From: Weizhao Ouyang <ouyangweizhao@...u.com>
To: Ulf Hansson <ulf.hansson@...aro.org>,
John Wang <wangdayu@...u.com>,
Sergey Shtylyov <s.shtylyov@....ru>,
Matthew Ma <mahongwei@...u.com>,
"Weizhao Ouyang" <ouyangweizhao@...u.com>,
Pierre Ossman <drzeus@...eus.cx>
CC: <linux-mmc@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] mmc: sdio: fix kernel panic when remove non-standard SDIO card
From: Matthew Ma <mahongwei@...u.com>
SDIO tuple is only allocated for standard SDIO card, especially it
causes memory corruption issues when the non-standard SDIO card has
removed since the card device's reference counter does not increase for
it at sdio_init_func(), but all SDIO card device reference counter has
decreased at sdio_release_func().
Fixes: 1a632f8cdc33 ("sdio: split up common and function CIS parsing")
Signed-off-by: Matthew Ma <mahongwei@...u.com>
Reviewed-by: Weizhao Ouyang <ouyangweizhao@...u.com>
Reviewed-by: John Wang <wangdayu@...u.com>
---
drivers/mmc/core/sdio_bus.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/core/sdio_bus.c b/drivers/mmc/core/sdio_bus.c
index c6268c38c69e..babf21a0adeb 100644
--- a/drivers/mmc/core/sdio_bus.c
+++ b/drivers/mmc/core/sdio_bus.c
@@ -291,7 +291,8 @@ static void sdio_release_func(struct device *dev)
{
struct sdio_func *func = dev_to_sdio_func(dev);
- sdio_free_func_cis(func);
+ if (!(func->card->quirks & MMC_QUIRK_NONSTD_SDIO))
+ sdio_free_func_cis(func);
kfree(func->info);
kfree(func->tmpbuf);
--
2.25.1
Powered by blists - more mailing lists