| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 Dec 2022 18:31:04 +0800
From: kernel test robot <lkp@...el.com>
To: Yoochan Lee <yoochan1026@...il.com>, matt.hsiao@....com
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev, arnd@...db.de,
gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
Yoochan Lee <yoochan1026@...il.com>
Subject: Re: [PATCH] misc: hpilo: Fix use-after-free in ilo_open
Hi Yoochan,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on char-misc/char-misc-testing]
[also build test ERROR on char-misc/char-misc-next char-misc/char-misc-linus soc/for-next linus/master v6.2-rc1 next-20221226]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Yoochan-Lee/misc-hpilo-Fix-use-after-free-in-ilo_open/20221231-135458
patch link: https://lore.kernel.org/r/20221231055310.2040648-1-yoochan1026%40gmail.com
patch subject: [PATCH] misc: hpilo: Fix use-after-free in ilo_open
config: i386-randconfig-a001-20221226
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/aca13e7e71e5c2b68742270a834fd67929850ef9
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Yoochan-Lee/misc-hpilo-Fix-use-after-free-in-ilo_open/20221231-135458
git checkout aca13e7e71e5c2b68742270a834fd67929850ef9
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>
All errors (new ones prefixed by >>):
>> drivers/misc/hpilo.c:541:2: error: use of undeclared identifier 'minor'
minor = MINOR(ilo_hw->cdev.dev);
^
>> drivers/misc/hpilo.c:542:7: error: use of undeclared identifier 'i'
for (i = minor; i < minor + max_ccb; i++)
^
drivers/misc/hpilo.c:542:11: error: use of undeclared identifier 'minor'
for (i = minor; i < minor + max_ccb; i++)
^
drivers/misc/hpilo.c:542:18: error: use of undeclared identifier 'i'
for (i = minor; i < minor + max_ccb; i++)
^
drivers/misc/hpilo.c:542:22: error: use of undeclared identifier 'minor'
for (i = minor; i < minor + max_ccb; i++)
^
drivers/misc/hpilo.c:542:39: error: use of undeclared identifier 'i'
for (i = minor; i < minor + max_ccb; i++)
^
drivers/misc/hpilo.c:543:46: error: use of undeclared identifier 'i'
device_destroy(ilo_class, MKDEV(ilo_major, i));
^
>> drivers/misc/hpilo.c:547:11: error: use of undeclared identifier 'pdev'
free_irq(pdev->irq, ilo_hw);
^
>> drivers/misc/hpilo.c:548:2: error: implicit declaration of function 'ilo_unmap_device' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
ilo_unmap_device(pdev, ilo_hw);
^
drivers/misc/hpilo.c:548:19: error: use of undeclared identifier 'pdev'
ilo_unmap_device(pdev, ilo_hw);
^
drivers/misc/hpilo.c:549:22: error: use of undeclared identifier 'pdev'
pci_release_regions(pdev);
^
drivers/misc/hpilo.c:559:13: error: use of undeclared identifier 'minor'
ilo_hwdev[(minor / max_ccb)] = 0;
^
drivers/misc/hpilo.c:715:13: error: static declaration of 'ilo_unmap_device' follows non-static declaration
static void ilo_unmap_device(struct pci_dev *pdev, struct ilo_hwinfo *hw)
^
drivers/misc/hpilo.c:548:2: note: previous implicit declaration is here
ilo_unmap_device(pdev, ilo_hw);
^
>> drivers/misc/hpilo.c:781:12: error: use of undeclared identifier 'hw'
kref_put(&hw->refcnt, ilo_delete);
^
>> drivers/misc/hpilo.c:823:13: error: use of undeclared identifier 'iol_hw'; did you mean 'ilo_hw'?
kref_init(&iol_hw->refcnt);
^~~~~~
ilo_hw
drivers/misc/hpilo.c:788:21: note: 'ilo_hw' declared here
struct ilo_hwinfo *ilo_hw;
^
15 errors generated.
vim +/minor +541 drivers/misc/hpilo.c
534
535 static void ilo_delete(struct kref *kref)
536 {
537 struct ilo_hwinfo *ilo_hw = container_of(kref, struct ilo_hwinfo, refcnt);
538
539 clear_device(ilo_hw);
540
> 541 minor = MINOR(ilo_hw->cdev.dev);
> 542 for (i = minor; i < minor + max_ccb; i++)
543 device_destroy(ilo_class, MKDEV(ilo_major, i));
544
545 cdev_del(&ilo_hw->cdev);
546 ilo_disable_interrupts(ilo_hw);
> 547 free_irq(pdev->irq, ilo_hw);
> 548 ilo_unmap_device(pdev, ilo_hw);
549 pci_release_regions(pdev);
550 /*
551 * pci_disable_device(pdev) used to be here. But this PCI device has
552 * two functions with interrupt lines connected to a single pin. The
553 * other one is a USB host controller. So when we disable the PIN here
554 * e.g. by rmmod hpilo, the controller stops working. It is because
555 * the interrupt link is disabled in ACPI since it is not refcounted
556 * yet. See acpi_pci_link_free_irq called from acpi_pci_irq_disable.
557 */
558 kfree(ilo_hw);
559 ilo_hwdev[(minor / max_ccb)] = 0;
560
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config" of type "text/plain" (153211 bytes)
Powered by blists - more mailing lists