| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABPRKS-UAnhSFB5z-LhrQqgXtenyLqVCByaME12LvMNmjVQ4ig@mail.gmail.com> Date: Tue, 5 Nov 2024 11:30:36 -0800 From: Justin Tee <justintee8345@...il.com> To: Qiu-ji Chen <chenqiuji666@...il.com> Cc: Justin Tee <justin.tee@...adcom.com>, james.smart@...adcom.com, dick.kennedy@...adcom.com, James.Bottomley@...senpartnership.com, martin.petersen@...cle.com, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, baijiaju1990@...il.com, stable@...r.kernel.org Subject: Re: [PATCH] scsi: lpfc: Fix improper handling of refcount in lpfc_bsg_hba_set_event() Hi Qiu-ji, This patch does not look logically correct. if (&evt->node == &phba->ct_ev_waiters) evaluates to true, then it is not possible that (evt->reg_id == event_req->ev_reg_id) is also true. Because if (evt->reg_id == event_req->ev_reg_id) evaluates to true, it means we have found an lpfc_bsg_event of event_req specified interest and therefore (&evt->node != &phba->ct_ev_waiters) must be true. Also, following this suggested patch’s logic, if after attempting to go through the phba->ct_ev_waiters list and the evt->node iterator is pointing at exactly the phba->ct_ev_waiters head, then this patch’s kref_put will be for the phba->ct_ev_waiters head which is not a preallocated lpfc_bsg_event object. So, this patch would be calling kref_put on an uninitialized memory region. Sorry, I cannot acknowledge this patch. Regards, Justin
Powered by blists - more mailing lists