merged. Bruce
In message: [linux-yocto][v5.10/standard/x86 and v5.10/standard/preempt-rt/x86][PATCH] iwlwifi: fix use-after-free on 21/02/2022 Yongxin Liu wrote: > From: Johannes Berg <[email protected]> > > commit bea2662e7818e15d7607d17d57912ac984275d94 upstream. > > If no firmware was present at all (or, presumably, all of the > firmware files failed to parse), we end up unbinding by calling > device_release_driver(), which calls remove(), which then in > iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However > the new code I added will still erroneously access it after it > was freed. > > Set 'failure=false' in this case to avoid the access, all data > was already freed anyway. > > Cc: [email protected] > Reported-by: Stefan Agner <[email protected]> > Reported-by: Wolfgang Walter <[email protected]> > Reported-by: Jason Self <[email protected]> > Reported-by: Dominik Behr <[email protected]> > Reported-by: Marek Marczykowski-Górecki <[email protected]> > Fixes: ab07506b0454 ("iwlwifi: fix leaks/bad data after failed firmware load") > Signed-off-by: Johannes Berg <[email protected]> > Signed-off-by: Kalle Valo <[email protected]> > Link: > https://lore.kernel.org/r/20220208114728.e6b514cf4c85.Iffb575ca2a623d7859b542c33b2a507d01554251@changeid > Signed-off-by: Yongxin Liu <[email protected]> > --- > drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c > b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c > index 91450f33fe0f..678007f3c66f 100644 > --- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c > +++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c > @@ -1605,6 +1605,8 @@ static void iwl_req_fw_callback(const struct firmware > *ucode_raw, void *context) > out_unbind: > complete(&drv->request_firmware_complete); > device_release_driver(drv->trans->dev); > + /* drv has just been freed by the release */ > + failure = false; > free: > if (failure) > iwl_dealloc_ucode(drv); > -- > 2.34.1 >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#10973): https://lists.yoctoproject.org/g/linux-yocto/message/10973 Mute This Topic: https://lists.yoctoproject.org/mt/89287191/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
