* [PATCH v2 net] can: sja1000: fix use after free in ems_pcmcia_add_card()
@ 2021-11-24 6:56 Dan Carpenter
2021-11-24 7:37 ` Oliver Hartkopp
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2021-11-24 6:56 UTC (permalink / raw)
To: Wolfgang Grandegger, Oliver Hartkopp
Cc: Marc Kleine-Budde, David S. Miller, Jakub Kicinski,
Leon Romanovsky, Markus Plessing, linux-can, netdev,
kernel-janitors
If the last channel is not available then "dev" is freed. Fortunately,
we can just use "pdev->irq" instead.
Fixes: fd734c6f25ae ("can/sja1000: add driver for EMS PCMCIA card")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: In the first version, I just failed the probe. Sorry about that.
drivers/net/can/sja1000/ems_pcmcia.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/sja1000/ems_pcmcia.c b/drivers/net/can/sja1000/ems_pcmcia.c
index e21b169c14c0..391a8253ed6f 100644
--- a/drivers/net/can/sja1000/ems_pcmcia.c
+++ b/drivers/net/can/sja1000/ems_pcmcia.c
@@ -234,7 +234,7 @@ static int ems_pcmcia_add_card(struct pcmcia_device *pdev, unsigned long base)
free_sja1000dev(dev);
}
- err = request_irq(dev->irq, &ems_pcmcia_interrupt, IRQF_SHARED,
+ err = request_irq(pdev->irq, &ems_pcmcia_interrupt, IRQF_SHARED,
DRV_NAME, card);
if (!err)
return 0;
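Review bot: The request_irq() call on the changed line still runs unconditionally after the free_sja1000dev(dev) path, so with pdev->irq it registers the shared handler, with card as the cookie, even when no channel was kept. Consider guarding the call on the card having at least one channel. The commit message would also be easier to verify if it stated why pdev->irq is equivalent to the dev->irq value it replaces.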
--
2.20.1
* Re: [PATCH v2 net] can: sja1000: fix use after free in ems_pcmcia_add_card()
2021-11-24 6:56 [PATCH v2 net] can: sja1000: fix use after free in ems_pcmcia_add_card() Dan Carpenter
@ 2021-11-24 7:37 ` Oliver Hartkopp
2021-11-24 8:57 ` Dan Carpenter
0 siblings, 1 reply; 4+ messages in thread
From: Oliver Hartkopp @ 2021-11-24 7:37 UTC (permalink / raw)
To: Dan Carpenter, Wolfgang Grandegger
Cc: Marc Kleine-Budde, David S. Miller, Jakub Kicinski,
Leon Romanovsky, Markus Plessing, linux-can, netdev,
kernel-janitors
Hello Dan,
On 24.11.21 07:56, Dan Carpenter wrote:
> If the last channel is not available then "dev" is freed. Fortunately,
> we can just use "pdev->irq" instead.
But in the case that we do not find any channel the irq for the card is
still requested (via pdev->irq).
>
> Fixes: fd734c6f25ae ("can/sja1000: add driver for EMS PCMCIA card")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: In the first version, I just failed the probe. Sorry about that.
>
> drivers/net/can/sja1000/ems_pcmcia.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/can/sja1000/ems_pcmcia.c b/drivers/net/can/sja1000/ems_pcmcia.c
> index e21b169c14c0..391a8253ed6f 100644
> --- a/drivers/net/can/sja1000/ems_pcmcia.c
> +++ b/drivers/net/can/sja1000/ems_pcmcia.c
> @@ -234,7 +234,7 @@ static int ems_pcmcia_add_card(struct pcmcia_device *pdev, unsigned long base)
> free_sja1000dev(dev);
> }
>
> - err = request_irq(dev->irq, &ems_pcmcia_interrupt, IRQF_SHARED,
When adding this check, we should be fine:
+ if (card->channels)
> + err = request_irq(pdev->irq, &ems_pcmcia_interrupt, IRQF_SHARED,
> DRV_NAME, card);
> if (!err)
> return 0;
>
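Review bot: With the suggested "if (card->channels)" guard in front of request_irq(), the "if (!err)" test after it is still evaluated when the request is skipped, so err must already hold a defined value on the zero-channel path. Assigning err explicitly before the guard would make the zero-channel outcome deliberate instead of dependent on whatever an earlier statement left in it.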
Thanks for checking this code after so many years!
I saved that 17 year old EMS PCMCIA Card from my former CAN hardware box
two weeks ago and made a 5.16-rc2 run on a 2006 Samsung X20 with Pentium
M 1.7GHz yesterday. My only machine here at home with a PCMCIA slot :-D
https://www.amazon.de/Samsung-Centrino-1-73GHz-Graphic-Accelerator/dp/B000AXSIRE
And it still works with the CAN card!
Best regards,
Oliver
* Re: [PATCH v2 net] can: sja1000: fix use after free in ems_pcmcia_add_card()
2021-11-24 7:37 ` Oliver Hartkopp
@ 2021-11-24 8:57 ` Dan Carpenter
2021-11-24 9:13 ` Oliver Hartkopp
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2021-11-24 8:57 UTC (permalink / raw)
To: Oliver Hartkopp
Cc: Wolfgang Grandegger, Marc Kleine-Budde, David S. Miller,
Jakub Kicinski, Leon Romanovsky, Markus Plessing, linux-can,
netdev, kernel-janitors
On Wed, Nov 24, 2021 at 08:37:27AM +0100, Oliver Hartkopp wrote:
> Hello Dan,
>
> On 24.11.21 07:56, Dan Carpenter wrote:
> > If the last channel is not available then "dev" is freed. Fortunately,
> > we can just use "pdev->irq" instead.
>
> But in the case that we do not find any channel the irq for the card is
> still requested (via pdev->irq).
>
> >
> > Fixes: fd734c6f25ae ("can/sja1000: add driver for EMS PCMCIA card")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > ---
> > v2: In the first version, I just failed the probe. Sorry about that.
> >
> > drivers/net/can/sja1000/ems_pcmcia.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/can/sja1000/ems_pcmcia.c b/drivers/net/can/sja1000/ems_pcmcia.c
> > index e21b169c14c0..391a8253ed6f 100644
> > --- a/drivers/net/can/sja1000/ems_pcmcia.c
> > +++ b/drivers/net/can/sja1000/ems_pcmcia.c
> > @@ -234,7 +234,7 @@ static int ems_pcmcia_add_card(struct pcmcia_device *pdev, unsigned long base)
> > free_sja1000dev(dev);
> > }
> > - err = request_irq(dev->irq, &ems_pcmcia_interrupt, IRQF_SHARED,
>
> When adding this check, we should be fine:
>
> + if (card->channels)
Sure, I will send a v3 with that.
regards,
dan carpenter
* Re: [PATCH v2 net] can: sja1000: fix use after free in ems_pcmcia_add_card()
2021-11-24 8:57 ` Dan Carpenter
@ 2021-11-24 9:13 ` Oliver Hartkopp
0 siblings, 0 replies; 4+ messages in thread
From: Oliver Hartkopp @ 2021-11-24 9:13 UTC (permalink / raw)
To: Dan Carpenter
Cc: Wolfgang Grandegger, Marc Kleine-Budde, David S. Miller,
Jakub Kicinski, Leon Romanovsky, Markus Plessing, linux-can,
netdev, kernel-janitors
On 24.11.21 09:57, Dan Carpenter wrote:
> On Wed, Nov 24, 2021 at 08:37:27AM +0100, Oliver Hartkopp wrote:
>> Hello Dan,
>>
>> On 24.11.21 07:56, Dan Carpenter wrote:
>>> If the last channel is not available then "dev" is freed. Fortunately,
>>> we can just use "pdev->irq" instead.
>>
>> But in the case that we do not find any channel the irq for the card is
>> still requested (via pdev->irq).
>>
>>>
>>> Fixes: fd734c6f25ae ("can/sja1000: add driver for EMS PCMCIA card")
>>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>> ---
>>> v2: In the first version, I just failed the probe. Sorry about that.
>>>
>>> drivers/net/can/sja1000/ems_pcmcia.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/net/can/sja1000/ems_pcmcia.c b/drivers/net/can/sja1000/ems_pcmcia.c
>>> index e21b169c14c0..391a8253ed6f 100644
>>> --- a/drivers/net/can/sja1000/ems_pcmcia.c
>>> +++ b/drivers/net/can/sja1000/ems_pcmcia.c
>>> @@ -234,7 +234,7 @@ static int ems_pcmcia_add_card(struct pcmcia_device *pdev, unsigned long base)
>>> free_sja1000dev(dev);
>>> }
>>> - err = request_irq(dev->irq, &ems_pcmcia_interrupt, IRQF_SHARED,
>>
>> When adding this check, we should be fine:
>>
>> + if (card->channels)
>
> Sure, I will send a v3 with that.
With these discussed changes you might directly add my
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Thanks,
Oliver