lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aSiClqDJJMPMqBNJ@opensource.cirrus.com>
Date: Thu, 27 Nov 2025 16:55:50 +0000
From: Charles Keepax <ckeepax@...nsource.cirrus.com>
To: sparkhuang <huangshaobo3@...omi.com>
Cc: Liam Girdwood <lgirdwood@...il.com>, Mark Brown <broonie@...nel.org>,
        Charles Keepax <ckeepax@...nsource.wolfsonmicro.com>,
        linux-kernel@...r.kernel.org, weipengliang@...omi.com,
        wengjinfei@...omi.com, caodan1@...omi.com
Subject: Re: [PATCH v2] regulator: core: Protect regulator_supply_alias_list
 with regulator_list_mutex

On Thu, Nov 27, 2025 at 10:57:16AM +0800, sparkhuang wrote:
> regulator_supply_alias_list was accessed without any locking in
> regulator_supply_alias(), regulator_register_supply_alias(), and
> regulator_unregister_supply_alias(). Concurrent registration,
> unregistration and lookups can race, leading to:
> 
> 1 use-after-free if an alias entry is removed while being read,
> 2 duplicate entries when two threads register the same alias,
> 3 inconsistent alias mappings observed by consumers.
> 
> Protect all traversals, insertions and deletions on
> regulator_supply_alias_list with the existing regulator_list_mutex.
> 
> Fixes: a06ccd9c3785f ("regulator: core: Add ability to create a lookup alias for supply")
> Signed-off-by: sparkhuang <huangshaobo3@...omi.com>
> ---

Reviewed-by: Charles Keepax <ckeepax@...nsource.cirrus.com>

Thanks,
Charles

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ