| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMRc=MePwq_rnWZUA6skVqiqjxTKNLXR7cdfrrVeeaxz8Osxmg@mail.gmail.com> Date: Wed, 3 Apr 2024 11:47:21 +0200 From: Bartosz Golaszewski <brgl@...ev.pl> To: Kent Gibson <warthog618@...il.com> Cc: Linus Walleij <linus.walleij@...aro.org>, linux-gpio@...r.kernel.org, linux-kernel@...r.kernel.org, Alexey Dobriyan <adobriyan@...il.com>, stable@...r.kernel.org, Stefan Wahren <wahrenst@....net>, Naresh Kamboju <naresh.kamboju@...aro.org>, Bartosz Golaszewski <bartosz.golaszewski@...aro.org>, Linux Kernel Functional Testing <lkft@...aro.org> Subject: Re: [PATCH] gpio: cdev: check for NULL labels when sanitizing them for irqs On Wed, Apr 3, 2024 at 11:42 AM Kent Gibson <warthog618@...il.com> wrote: > > > It occurred to me that none of my tests cover this case, as they always > request edges with the consumer set, so I added some and can confirm both > the problem and the fix. > > In the process I found another bug - we overlooked setting up the irq > label in debounce_setup() - the alternate path in edge_detector_setup() > that performs sw debounce. That results in a double free of the > req->label and memory corruption hilarity follows. > > I've got a patch for that - the unfortunate part being that > debounce_setup() is earlier in the file than make_irq_label() and > free_irq_label(). Those will need to be pushed earlier, so it is > sure to conflict with this patch. > How would you prefer to proceed? Can you take my patch and just make it part of your series? Bart
Powered by blists - more mailing lists