From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:35644 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751791AbeBWLMd (ORCPT ); Fri, 23 Feb 2018 06:12:33 -0500 Subject: Patch "PCI: rcar: Fix use-after-free in probe error path" has been added to the 4.14-stable tree To: geert+renesas@glider.be, alexander.levin@verizon.com, bhelgaas@google.com, gregkh@linuxfoundation.org, horms+renesas@verge.net.au, lorenzo.pieralisi@arm.com Cc: , From: Date: Fri, 23 Feb 2018 12:10:57 +0100 Message-ID: <1519384257131103@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled PCI: rcar: Fix use-after-free in probe error path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: pci-rcar-fix-use-after-free-in-probe-error-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From foo@baz Fri Feb 23 11:45:09 CET 2018 From: Geert Uytterhoeven Date: Thu, 7 Dec 2017 11:15:19 +0100 Subject: PCI: rcar: Fix use-after-free in probe error path From: Geert Uytterhoeven [ Upstream commit 0c31f1d7be1b5c4858b1d714dcefa25f41428cab ] If CONFIG_DEBUG_SLAB=y, and no PCIe card is inserted, the kernel crashes during probe on r8a7791/koelsch: rcar-pcie fe000000.pcie: PCIe link down Unable to handle kernel paging request at virtual address 6b6b6b6b (seeing this message requires earlycon and keep_bootcon). Indeed, pci_free_host_bridge() frees the PCI host bridge, including the embedded rcar_pcie object, so pci_free_resource_list() must not be called afterwards. To fix this, move the call to pci_free_resource_list() up, and update the label name accordingly. Fixes: ddd535f1ea3eb27e ("PCI: rcar: Fix memory leak when no PCIe card is inserted") Signed-off-by: Geert Uytterhoeven Signed-off-by: Bjorn Helgaas Acked-by: Simon Horman Acked-by: Lorenzo Pieralisi Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/pci/host/pcie-rcar.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/pci/host/pcie-rcar.c +++ b/drivers/pci/host/pcie-rcar.c @@ -1146,12 +1146,12 @@ static int rcar_pcie_probe(struct platfo err = rcar_pcie_get_resources(pcie); if (err < 0) { dev_err(dev, "failed to request resources: %d\n", err); - goto err_free_bridge; + goto err_free_resource_list; } err = rcar_pcie_parse_map_dma_ranges(pcie, dev->of_node); if (err) - goto err_free_bridge; + goto err_free_resource_list; pm_runtime_enable(dev); err = pm_runtime_get_sync(dev); @@ -1194,9 +1194,9 @@ err_pm_put: err_pm_disable: pm_runtime_disable(dev); -err_free_bridge: - pci_free_host_bridge(bridge); +err_free_resource_list: pci_free_resource_list(&pcie->resources); + pci_free_host_bridge(bridge); return err; } Patches currently in stable-queue which might be from geert+renesas@glider.be are queue-4.14/gpio-74x164-fix-crash-during-.remove.patch queue-4.14/pci-rcar-fix-use-after-free-in-probe-error-path.patch