Re: linuxnext-2019127 edac warns (was Re: edac KASAN warning in experimental arm64 allmodconfig boot)

From: John Garry
Date: Mon Dec 02 2019 - 05:23:34 EST


On 28/11/2019 21:12, Robert Richter wrote:
> On 27.11.19 17:07:33, John Garry wrote:
>> [ 22.104498] BUG: KASAN: use-after-free in edac_remove_sysfs_mci_device+0x148/0x180
>
> It is triggered in edac_remove_sysfs_mci_device().
>
> device_unregister(&dimm->dev) not only removes the sysfs entry, it
> also frees the dimm struct in dimm_attr_release(). When incrementing
> the loop in mci_for_each_dimm(), the dimm struct is accessed again
> which causes the use-after-free. But, the dimm struct shouldn't be
> released here already.
>
> edac_remove_sysfs_mci_device() should not release the devices at this
> point. We need clean release functions for mci and dimm_info and
> refcounts to protect pdev/dev mappings. And mci_for_each_dimm() must
> be checked how it handles device removals and if it is safe.
>
> Let's see how this can be fixed.
>
> Thanks for reporting the issue.

Fine, and would any fix also deal with the v5.4 mem leak which I mentioned also?

Cheers,
John
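
Added example, not part of the original message and not kernel code: a user-space model of the pattern described in the quoted analysis, where the loop body releases an entry and the iterator step then reads that same entry. The `struct dimm`, `struct mci`, `dimm_unregister()` and `dimm_next()` names are hypothetical stand-ins, and "freeing" is modeled with a `live` flag so stale reads can be counted without undefined behaviour.

```c
#include <stdio.h>
#define NDIMMS 4

/* Hypothetical stand-ins for the EDAC structures; not the kernel definitions. */
struct dimm { int idx; int live; };
struct mci  { struct dimm pool[NDIMMS]; struct dimm *dimms[NDIMMS]; int stale_reads; };

static void mci_init(struct mci *m) {
    for (int i = 0; i < NDIMMS; i++) {
        m->pool[i] = (struct dimm){ .idx = i, .live = 1 };
        m->dimms[i] = &m->pool[i];
    }
    m->stale_reads = 0;
}

/* Models device_unregister() dropping the last reference: the release
 * callback runs at once. The kernel would free the object here; the model
 * only clears a flag so that later reads can be counted. */
static void dimm_unregister(struct dimm *d) { d->live = 0; }

/* Iterator step: reads d->idx, so it touches the entry it is leaving. */
static struct dimm *dimm_next(struct mci *m, const struct dimm *d) {
    if (!d->live)
        m->stale_reads++;   /* the access KASAN flags as use-after-free */
    return d->idx + 1 < NDIMMS ? m->dimms[d->idx + 1] : NULL;
}

/* Pattern from the report: release in the body, then advance via that entry. */
static int remove_all_unsafe(struct mci *m) {
    for (struct dimm *d = m->dimms[0]; d; d = dimm_next(m, d))
        dimm_unregister(d);
    return m->stale_reads;
}

/* Removal-safe walk: fetch the successor before releasing the current entry. */
static int remove_all_safe(struct mci *m) {
    for (struct dimm *d = m->dimms[0], *next; d; d = next) {
        next = dimm_next(m, d);
        dimm_unregister(d);
    }
    return m->stale_reads;
}

int main(void) {
    struct mci m;
    mci_init(&m); printf("unsafe walk: %d stale reads\n", remove_all_unsafe(&m));
    mci_init(&m); printf("safe walk:   %d stale reads\n", remove_all_safe(&m));
    return 0;
}
```

The safe walk only addresses the iteration side; the quoted analysis also calls for proper release functions and refcounts, which this model does not cover.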