From: Lee Jones <lee@kernel.org>
To: Yang Yingliang <yangyingliang@huawei.com>
Cc: krzysztof.kozlowski@canonical.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mfd: core: fix UAF while using device of node
Date: Thu, 8 Dec 2022 15:06:19 +0000 [thread overview]
Message-ID: <Y5H9W6KVXhD9bcNT@google.com> (raw)
In-Reply-To: <9ad01578-9982-fd55-14a3-a74bf0906165@huawei.com>
On Thu, 08 Dec 2022, Yang Yingliang wrote:
> Hi,
>
> On 2022/11/16 15:41, Yang Yingliang wrote:
> > I got the following UAF report:
> >
> > refcount_t: underflow; use-after-free.
> > WARNING: CPU: 1 PID: 270 at lib/refcount.c:29 refcount_warn_saturate+0x121/0x180
> > ...
> > OF: ERROR: memory leak, expected refcount 1 instead of -1073741824,
> > of_node_get()/of_node_put() unbalanced - destroy cset entry:
> > attach overlay node /i2c/pmic@62/powerkey
> >
> > The of_node of device assigned in mfd_match_of_node_to_dev() need be
> > get, and it will be put in platform_device_release().
> >
> > Fixes: 002be8114007 ("mfd: core: Add missing of_node_put for loop iteration")
> > Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
> Is this patch good or do you have any suggestion ?
Looks okay, but I'm not applying it this late in the cycle.
Please wait until the next merge-window closes.
--
Lee Jones [李琼斯]
prev parent reply other threads:[~2022-12-08 15:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 7:41 [PATCH] mfd: core: fix UAF while using device of node Yang Yingliang
2022-12-08 13:53 ` Yang Yingliang
2022-12-08 15:06 ` Lee Jones [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y5H9W6KVXhD9bcNT@google.com \
--to=lee@kernel.org \
--cc=krzysztof.kozlowski@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.