lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZIHAA6QwRkQ+lS45@matsya>
Date:   Thu, 8 Jun 2023 17:18:19 +0530
From:   Vinod Koul <vkoul@...nel.org>
To:     Jon Hunter <jonathanh@...dia.com>
Cc:     Haotien Hsu <haotienh@...dia.com>, JC Kuo <jckuo@...dia.com>,
        Kishon Vijay Abraham I <kishon@...nel.org>,
        Thierry Reding <thierry.reding@...il.com>,
        Philipp Zabel <p.zabel@...gutronix.de>,
        linux-phy@...ts.infradead.org, linux-tegra@...r.kernel.org,
        linux-kernel@...r.kernel.org, Wayne Chang <waynec@...dia.com>,
        EJ Hsu <ejh@...dia.com>
Subject: Re: [PATCH v2] phy: tegra: xusb: Fix use-after-free issue

On 06-06-23, 10:39, Jon Hunter wrote:
> Hi Vinod,
> 
> On 08/05/2023 11:03, Haotien Hsu wrote:
> > From: EJ Hsu <ejh@...dia.com>
> > 
> > For the dual-role port, it will assign the phy dev to usb-phy dev and
> > use the port dev driver as the dev driver of usb-phy.
> > 
> > When we try to destroy the port dev, it will destroy its dev driver
> > as well. But we did not remove the reference from usb-phy dev. This
> > might cause the use-after-free issue in KASAN.
> > 
> > Fixes: e8f7d2f409a1 ("phy: tegra: xusb: Add usb-phy support")
> > Cc: stable@...r.kernel.org
> > 
> > Signed-off-by: EJ Hsu <ejh@...dia.com>
> > Signed-off-by: Haotien Hsu <haotienh@...dia.com>
> > ---
> > V1 -> V2: Remove extra movements to clarify the change
> > ---
> >   drivers/phy/tegra/xusb.c | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c
> > index 78045bd6c214..26b66a668f3b 100644
> > --- a/drivers/phy/tegra/xusb.c
> > +++ b/drivers/phy/tegra/xusb.c
> > @@ -568,6 +568,7 @@ static void tegra_xusb_port_unregister(struct tegra_xusb_port *port)
> >   		usb_role_switch_unregister(port->usb_role_sw);
> >   		cancel_work_sync(&port->usb_phy_work);
> >   		usb_remove_phy(&port->usb_phy);
> > +		port->usb_phy.dev->driver = NULL;
> >   	}
> >   	if (port->ops->remove)
> 
> 
> Are you OK to pick this up now?

Changes looks good to me. But title should describe the change, so if
Haotien can change title to reflect the change in patch, I would be
happy to apply

> 
> FWIW ...
> 
> Acked-by: Jon Hunter <jonathanh@...dia.com>

ofc this should be carried too

> 
> I believe Thierry already ACK'ed V1.
> 
> Jon
> 
> -- 
> nvpublic

-- 
~Vinod

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ