>>When a resource is freed and has children, the childrens are
>
> s/childrens/children/
>
oh, missed that. Too many children ... ;-)
>>+ __release_child_resources(tmp, warn);
>
> This function will release all the children.
>
> Is this what Linus suggest?
>
> From his code snippe
> My gut feeling is this is the problem from mal-functional driver, e.g.
> xhci-hcd. We do our best to protect core kernel from it instead of do the
> cleanup for it.
Agree.
My intention wasn't to fix mal-functional driver, but to give it a hint
that it's doing something wrong.
(In the xhci-hcd cas
When a resource region is released and has children,
the children are left without any hint that their
parent is no more valid.
This was observed on a use-after-free fault in the xhci-hcd
when xhci-hcd released his iomem region before
platform code released resources of platform devices
giving a r
> >
> > In theory, child may have siblings. Would it be possible to have several
> > devices under xhci-hcd?
>
> I'm less interested in the xhci-hcd case - which I certainly *hope* is
> fixed already? - than in "if this happens somewhere else".
>
> So if we do want to remove the parent (which may
On driver removal, the platform_device_unregister call
attached through devm_add_action_or_reset was executed
after usb_hcd_pci_remove.
This lead to a use-after-free for the iomem resorce of
the xhci-ext-caps driver in the platform removal
because the parent of the resource was freed earlier.
Fix
When a resource is freed and has children, the childrens are
left without any hint that their parent is no more valid.
This caused at least one use-after-free in the xhci-hcd using
ext-caps driver when platform code released platform devices.
In such case, warn and release all resources beyond.
S
When a resource is freed and has children, the childrens are
left without any hint that their parent is no more valid.
This caused at least one use-after-free in the xhci-hcd using
ext-caps driver when platform code released platform devices.
Fix this by setting child's parent to zero and warn.
S
> -Ursprüngliche Nachricht-
> Von: Wei Yang [mailto:richard.weiy...@gmail.com]
> Gesendet: Samstag, 10. August 2019 02:45
> An: Linus Torvalds
> Cc: Wei Yang ; Schmid, Carsten
> ; b...@suse.de; dan.j.willi...@intel.com;
> mi...@kernel.org; dave.han...@linux.in
When a resource is freed and has children, the childrens are
left without any hint that their parent is no more valid.
This caused at least one use-after-free in the xhci-hcd using
ext-caps driver when platform code released platform devices.
Fix this by setting child's parent to zero and warn.
S
9 matches
Mail list logo
