Message-ID: <013ea925-accc-4927-aca5-7fad4043377b@gmail.com>
Date: Thu, 17 Jul 2025 12:48:02 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Nam Cao <namcao@...utronix.de>, Manivannan Sadhasivam <mani@...nel.org>,
 Thomas Gleixner <tglx@...utronix.de>, Bjorn Helgaas <bhelgaas@...gle.com>
Cc: Lorenzo Pieralisi <lpieralisi@...nel.org>,
 Krzysztof Wilczyński <kwilczynski@...nel.org>,
 Manivannan Sadhasivam <mani@...nel.org>, linux-pci@...r.kernel.org,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: PCI: vmd: repeated kfree of vmdirq

Hi,

Static analysis found an issue in the following commit in linux-next:

commit 2b96beffa42760513567919aa27eb72035f2db58
Author: Nam Cao <namcao@...utronix.de>
Date:   Thu Jun 26 16:48:06 2025 +0200

     PCI: vmd: Switch to msi_create_parent_irq_domain()


The issue is as follows:

static void vmd_msi_free(struct irq_domain *domain, unsigned int virq, unsigned int nr_irqs)
{
         struct vmd_irq *vmdirq = irq_get_chip_data(virq);

         for (int i = 0; i < nr_irqs; ++i) {
                 synchronize_srcu(&vmdirq->irq->srcu);

                 /* XXX: Potential optimization to rebalance */
                 scoped_guard(raw_spinlock_irq, &list_lock)
                         vmdirq->irq->count--;

                 kfree(vmdirq);
         }
}

The for-loop is repeatedly kfree'ing vmdirq which seems incorrect.

Colin
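
The following is an added example, not part of the original message and not kernel code: a user-space model of the loop reported above, next to a variant that looks up the chip data per interrupt. It assumes each of the `nr_irqs` interrupts has its own `vmd_irq` object; `pool`, `chip_data`, `mock_kfree`, `free_per_irq` and `run` are hypothetical names, and the per-IRQ variant is an assumed correction, not the fix that was merged.

```c
#include <stdio.h>
#define MAX_IRQS 8
/* User-space stand-ins (assumptions) for the kernel objects in the report. */
struct vmd_irq { int freed; };
struct result { int double_frees; int leaked; };
static struct vmd_irq pool[MAX_IRQS];
static struct vmd_irq *chip_data[MAX_IRQS]; /* models irq_get_chip_data(virq) */
static int double_frees;

/* Mock kfree(): marks the object instead of releasing it, so repeats are countable. */
static void mock_kfree(struct vmd_irq *p) { double_frees += p->freed; p->freed = 1; }

/* Pattern from the report: one lookup before the loop, freed nr_irqs times. */
static void free_as_reported(unsigned int virq, unsigned int nr_irqs)
{
	struct vmd_irq *vmdirq = chip_data[virq];
	for (unsigned int i = 0; i < nr_irqs; ++i)
		mock_kfree(vmdirq);
}

/* Assumed correction: fetch each IRQ's own chip data inside the loop. */
static void free_per_irq(unsigned int virq, unsigned int nr_irqs)
{
	for (unsigned int i = 0; i < nr_irqs; ++i)
		mock_kfree(chip_data[virq + i]);
}

/* Set up nr_irqs consecutive entries (virq + nr_irqs <= MAX_IRQS), free, audit. */
static struct result run(void (*free_fn)(unsigned int, unsigned int),
			 unsigned int virq, unsigned int nr_irqs)
{
	struct result r = { 0, 0 };
	double_frees = 0;
	for (unsigned int i = 0; i < nr_irqs; i++) {
		pool[virq + i].freed = 0;
		chip_data[virq + i] = &pool[virq + i];
	}
	free_fn(virq, nr_irqs);
	for (unsigned int i = 0; i < nr_irqs; i++)
		r.leaked += !pool[virq + i].freed; /* objects the loop never reached */
	r.double_frees = double_frees;
	return r;
}

int main(void)
{
	struct result a = run(free_as_reported, 2, 4), b = run(free_per_irq, 2, 4);
	printf("as reported: %d repeated frees, %d never freed\n", a.double_frees, a.leaked);
	printf("per-IRQ:     %d repeated frees, %d never freed\n", b.double_frees, b.leaked);
}
```

In this model the reported pattern behaves correctly when `nr_irqs` is 1, so the repeated free only shows up for multi-interrupt frees.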
