Re: [PATCH] ptp: free ptp device pin descriptors properly

From: David Miller
Date: Tue Jan 14 2020 - 14:00:02 EST

Next message: Ira Weiny: "Re: [RFC PATCH V2 10/12] fs/xfs: Fix truncate up"
Previous message: Minchan Kim: "Re: [PATCH 2/4] mm: introduce external memory hinting API"
In reply to: Richard Cochran: "Re: [PATCH] ptp: free ptp device pin descriptors properly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Vladis Dronov <vdronov@xxxxxxxxxx>
Date: Mon, 13 Jan 2020 14:00:09 +0100

> There is a bug in ptp_clock_unregister(), where ptp_cleanup_pin_groups()
> first frees ptp->pin_{,dev_}attr, but then posix_clock_unregister() needs
> them to destroy a related sysfs device.
>
> These functions can not be just swapped, as posix_clock_unregister() frees
> ptp which is needed in the ptp_cleanup_pin_groups(). Fix this by calling
> ptp_cleanup_pin_groups() in ptp_clock_release(), right before ptp is freed.
>
> This makes this patch fix an UAF bug in a patch which fixes an UAF bug.
>
> Reported-by: Antti Laakso <antti.laakso@xxxxxxxxx>
> Fixes: a33121e5487b ("ptp: fix the race between the release of ptp_clock and cdev")
> Link: https://lore.kernel.org/netdev/3d2bd09735dbdaf003585ca376b7c1e5b69a19bd.camel@xxxxxxxxx/
> Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>

Applied, thank you.

Next message: Ira Weiny: "Re: [RFC PATCH V2 10/12] fs/xfs: Fix truncate up"
Previous message: Minchan Kim: "Re: [PATCH 2/4] mm: introduce external memory hinting API"
In reply to: Richard Cochran: "Re: [PATCH] ptp: free ptp device pin descriptors properly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]