| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <877cmvhbpd.fsf@nvidia.com> Date: Sun, 05 Nov 2023 18:12:14 -0800 From: Rahul Rameshbabu <rrameshbabu@...dia.com> To: Lizhi Xu <lizhi.xu@...driver.com> Cc: <syzbot+8a78ecea7ac1a2ea26e5@...kaller.appspotmail.com>, <davem@...emloft.net>, <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>, <reibax@...il.com>, <richardcochran@...il.com>, <syzkaller-bugs@...glegroups.com> Subject: Re: [PATCH] ptp: fix null ptr deref in ptp_ioctrl On Mon, 06 Nov, 2023 09:19:26 +0800 Lizhi Xu <lizhi.xu@...driver.com> wrote: <snip> > > It can be confirmed that after the execution of "read (3, 0x20000080, 90)", > ptp_release() will be called to release the queue and set > pccontext->private_clkdata = NULL at the same time, this is unreasonable and > incorrect. The queue is not the memory requested in ptp_read() and should not > be released in ptp_read(). > > Signed-off-by: Lizhi Xu <lizhi.xu@...driver.com> > --- > drivers/ptp/ptp_chardev.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c > index 282cd7d24077..27c1ef493617 100644 > --- a/drivers/ptp/ptp_chardev.c > +++ b/drivers/ptp/ptp_chardev.c > @@ -585,7 +585,5 @@ ssize_t ptp_read(struct posix_clock_context *pccontext, uint rdflags, > free_event: > kfree(event); > exit: > - if (result < 0) > - ptp_release(pccontext); > return result; > } There is already an ongoing review for a patch submission that covers this. https://lore.kernel.org/netdev/tencent_856E1C97CCE9E2ED66CC087B526CD42ED50A@qq.com/ -- Thanks, Rahul Rameshbabu
Powered by blists - more mailing lists