| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250717115220.jfvzVfuR@linutronix.de>
Date: Thu, 17 Jul 2025 13:52:20 +0200
From: Nam Cao <namcao@...utronix.de>
To: "Colin King (gmail)" <colin.i.king@...il.com>
Cc: Manivannan Sadhasivam <mani@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Lorenzo Pieralisi <lpieralisi@...nel.org>,
Krzysztof WilczyĆski <kwilczynski@...nel.org>,
linux-pci@...r.kernel.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: PCI: vmd: repeated kfree of vmdirq
On Thu, Jul 17, 2025 at 12:48:02PM +0100, Colin King (gmail) wrote:
> Hi,
>
> Static analysis found an issue in the following commit in linux-next:
>
> commit 2b96beffa42760513567919aa27eb72035f2db58
> Author: Nam Cao <namcao@...utronix.de>
> Date: Thu Jun 26 16:48:06 2025 +0200
>
> PCI: vmd: Switch to msi_create_parent_irq_domain()
>
>
> The issue is as follows:
>
> static void vmd_msi_free(struct irq_domain *domain, unsigned int virq,
> unsigned int nr_irqs)
> {
> struct vmd_irq *vmdirq = irq_get_chip_data(virq);
>
> for (int i = 0; i < nr_irqs; ++i) {
> synchronize_srcu(&vmdirq->irq->srcu);
>
> /* XXX: Potential optimization to rebalance */
> scoped_guard(raw_spinlock_irq, &list_lock)
> vmdirq->irq->count--;
>
> kfree(vmdirq);
> }
> }
>
> The for-loop is repeatedly kfree'ing vmdirq which seems incorrect.
Thanks for the report. It has been resolved in PCI tree.
Best regards,
Nam
Powered by blists - more mailing lists