[PATCH] PCI: fix use-after-free in pci_register_host_bridge

From: Qinglang Miao
Date: Fri Nov 20 2020 - 02:44:52 EST

Next message: Xu Yilun: "Re: [PATCH] drivers: fpga: Specify HAS_IOMEM dependency for FPGA_DFL"
Previous message: Qinglang Miao: "[PATCH] s390: cio: fix two use-after-free bugs in device.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When put_device(&bridge->dev) being called, kfree(bridge) is inside
of release function, so the following device_del would cause a
use-after-free bug.

Fixes: 37d6a0a6f470 ("PCI: Add pci_register_host_bridge() interface")
Reported-by: Hulk Robot <hulkci@xxxxxxxxxx>
Signed-off-by: Qinglang Miao <miaoqinglang@xxxxxxxxxx>
---
drivers/pci/probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index 4289030b0..82292e87e 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -991,8 +991,8 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
return 0;

unregister:
- put_device(&bridge->dev);
device_del(&bridge->dev);
+ put_device(&bridge->dev);

free:
kfree(bus);
--
2.23.0

Next message: Xu Yilun: "Re: [PATCH] drivers: fpga: Specify HAS_IOMEM dependency for FPGA_DFL"
Previous message: Qinglang Miao: "[PATCH] s390: cio: fix two use-after-free bugs in device.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]