Message-ID: <c2b7264f-c533-2d80-e41e-a7019aefb602@datenfreihafen.org>
Date: Sat, 7 Oct 2023 20:42:46 +0200
From: Stefan Schmidt <stefan@...enfreihafen.org>
To: Dinghao Liu <dinghao.liu@....edu.cn>
Cc: stable@...r.kernel.org, Alexander Aring <alex.aring@...il.com>,
Miquel Raynal <miquel.raynal@...tlin.com>,
"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Harry Morris <harrymorris12@...il.com>, Marcel Holtmann
<marcel@...tmann.org>, linux-wpan@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [v4] ieee802154: ca8210: Fix a potential UAF in
ca8210_probe
Hello.

On 07.10.23 05:30, Dinghao Liu wrote:
> If of_clk_add_provider() fails in ca8210_register_ext_clock(),
> it calls clk_unregister() to release priv->clk and returns an
> error. However, the caller ca8210_probe() then calls ca8210_remove(),
> where priv->clk is freed again in ca8210_unregister_ext_clock(). In
> this case, a use-after-free may happen in the second time we call
> clk_unregister().
>
> Fix this by removing the first clk_unregister(). Also, priv->clk could
> be an error code on failure of clk_register_fixed_rate(). Use
> IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
>
> Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
> Signed-off-by: Dinghao Liu <dinghao.liu@....edu.cn>
> ---
>
> Changelog:
>
> v2: -Remove the first clk_unregister() instead of nulling priv->clk.
>
> v3: -Simplify ca8210_register_ext_clock().
> -Add a ';' after return in ca8210_unregister_ext_clock().
>
> v4: -Remove an unused variable 'ret'.

This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!

regards
Stefan Schmidt
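
The error path described in the quoted commit message, as a userspace C model added here (it is not the driver's code and not part of the patch). All `mock_*` names, the error values and the NULL-only pre-fix guard are assumptions; releases are counted on a static object instead of freeing memory, so the double release is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stddef.h>

/* Userspace stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR_OR_NULL(p) (!(p) || (uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

struct mock_clk { int releases; };      /* counts unregister calls */
struct mock_priv { struct mock_clk *clk; };
static struct mock_clk the_clk;         /* static: nothing is really freed */
static void mock_clk_unregister(struct mock_clk *clk) { clk->releases++; }

/* Register step that always fails (error values are constructed). */
static int mock_register_ext_clock(struct mock_priv *priv, int fixed,
                                   int clk_register_fails)
{
    if (clk_register_fails) {
        priv->clk = ERR_PTR(-12);       /* error code ends up in priv->clk */
        return -12;
    }
    priv->clk = &the_clk;               /* clock registered, provider add fails */
    if (!fixed)
        mock_clk_unregister(priv->clk); /* first release; pointer kept */
    return -22;
}

/* Teardown; returns -1 where it would dereference an error pointer. */
static int mock_unregister_ext_clock(struct mock_priv *priv, int fixed)
{
    /* Assumption: the pre-fix guard is modelled as a NULL-only check. */
    if (fixed ? IS_ERR_OR_NULL(priv->clk) : priv->clk == NULL)
        return 0;
    if (IS_ERR_OR_NULL(priv->clk))
        return -1;
    mock_clk_unregister(priv->clk);
    priv->clk = NULL;
    return 0;
}

/* Failed probe then remove: release count, or -1 on a bad dereference. */
static int failed_probe_releases(int fixed, int clk_register_fails)
{
    struct mock_priv priv = { NULL };
    the_clk.releases = 0;
    (void)mock_register_ext_clock(&priv, fixed, clk_register_fails);
    if (mock_unregister_ext_clock(&priv, fixed) < 0)
        return -1;
    return the_clk.releases;
}
int main(void) { return failed_probe_releases(1, 0) == 1 ? 0 : 1; }
```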