| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87r0079wyy.fsf@intel.com> Date: Thu, 29 May 2025 09:56:53 -0700 From: Vinicius Costa Gomes <vinicius.gomes@...el.com> To: Yi Sun <yi.sun@...el.com>, dave.jiang@...el.com, dmaengine@...r.kernel.org, linux-kernel@...r.kernel.org Cc: yi.sun@...el.com, xueshuai@...ux.alibaba.com, gordon.jin@...el.com Subject: Re: [PATCH 1/2] dmaengine: idxd: Remove improper idxd_free Hi, Yi Sun <yi.sun@...el.com> writes: > The put_device() call can be asynchronous cleanup via schedule_delayed_work > when CONFIG_DEBUG_KOBJECT_RELEASE is set. This results in a use-after-free > failure during module unloading if invoking idxd_free() immediately > afterward. > I think that adding the relevant part of the log would be helpful. (I am looking at either a similar, or this exact problem, so at least to me it would be helpful) > Removes the improper call idxd_free() to prevent potential memory > corruption. Thinking if it would be worth a Fixes: tag. > > Signed-off-by: Yi Sun <yi.sun@...el.com> > > diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c > index 760b7d81fcd8..504aca0fd597 100644 > --- a/drivers/dma/idxd/init.c > +++ b/drivers/dma/idxd/init.c > @@ -1324,7 +1324,6 @@ static void idxd_remove(struct pci_dev *pdev) > idxd_cleanup(idxd); > pci_iounmap(pdev, idxd->reg_base); > put_device(idxd_confdev(idxd)); > - idxd_free(idxd); > pci_disable_device(pdev); > } > > -- > 2.43.0 > -- Vinicius
Powered by blists - more mailing lists