Re: [PATCH v2] iio: buffer: hw-consumer: fix use-after-free in error path

Next message: Thinh Nguyen: "Re: [PATCH] usb: dwc3: avoid probe deferral when USB power supply is not available"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net-next v2] pppoe: optimize hash with word access"
In reply to: Joshua Crofts: "Re: [PATCH v2] iio: buffer: hw-consumer: fix use-after-free in error path"
Next in thread: Andy Shevchenko: "Re: [PATCH v2] iio: buffer: hw-consumer: fix use-after-free in error path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Maxwell Doose

Date: Fri May 01 2026 - 22:38:58 EST

On Fri May 1, 2026 at 2:40 PM CDT, Joshua Crofts wrote:
> ⁷
>
> On Fri, 1 May 2026 at 17:47, Maxwell Doose <m32285159@xxxxxxxxx> wrote:
>
>> I think one of the issues raised by sashiko has an active patch:
>>
>> https://lore.kernel.org/linux-iio/20260427-iio_buf-v1-1-2bbdac844647@xxxxxxxxx/
>>
>> and I think they were waiting for Nuno to review it, since they noted
>> they were on a "wild goose chase". Thus the only issue raised by sashiko
>> that would still need a patch would be the OOB issue, but I haven't
>> looked at its explaination thoroughly to see if it's hallucinating.
>>
>> Anyways this one should still be good to merge.
>>
> Yeah this is good to merge, I was only pointing out that
> Sashiko reported additional errors (unrelated to this patch,
> it seems to keep finding more issues with the driver).

Also, if anybody feels strongly about the OOB issue that sashiko raised
in iio_hw_consumer_alloc(), you can probably add something like:

if (chan->channel->scan_index < 0)
continue;

but I feel at that point if that even happens there's something else
seriously wrong. But it might be a good idea to add that check anyways,
better safe than sorry. Not to mention, since this is a public function,
we need to code far more defensively.

best regards,
maxwell