| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9b3d1ab0-1313-4f87-9b98-15dd78ca24a8@stanley.mountain>
Date: Thu, 27 Feb 2025 08:55:16 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Haoxiang Li <haoxiang_li2024@....com>
Cc: mporter@...nel.crashing.org, alex.bou9@...il.com, error27@...il.com,
akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH] rapidio: fix an API misues when rio_add_net() fails
On Thu, Feb 27, 2025 at 11:58:59AM +0800, Haoxiang Li wrote:
> rio_add_net() calls device_register() and fails when device_register()
> fails. Thus, put_device() should be used rather than kfree().
>
> Fixes: e8de370188d0 ("rapidio: add mport char device driver")
> Cc: stable@...r.kernel.org
> Signed-off-by: Haoxiang Li <haoxiang_li2024@....com>
> ---
> drivers/rapidio/devices/rio_mport_cdev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c
> index 27afbb9d544b..cfff1c82fb25 100644
> --- a/drivers/rapidio/devices/rio_mport_cdev.c
> +++ b/drivers/rapidio/devices/rio_mport_cdev.c
> @@ -1742,7 +1742,7 @@ static int rio_mport_add_riodev(struct mport_cdev_priv *priv,
> err = rio_add_net(net);
> if (err) {
> rmcd_debug(RDEV, "failed to register net, err=%d", err);
> - kfree(net);
> + put_device(&net->dev);
Yeah, you're right. But the worse bug is that we're missing an
"mport->net = NULL;" before this goto. It leads to a quite bad
use after free issue if we trigger this path.
Please fix that as well and resend.
regards,
dan carpenter
> goto cleanup;
> }
> }
> --
> 2.25.1
Powered by blists - more mailing lists