Re: [PATCH] ptp: free ptp device pin descriptors properly

From: Richard Cochran
Date: Mon Jan 13 2020 - 23:29:42 EST

Next message: Viresh Kumar: "Re: [PATCH] cpufreq: intel_pstate: fix spelling mistake: "Whethet" -> "Whether""
Previous message: Arvind Sankar: "Re: [PATCH] x86/tools/relocs: Add _etext and __end_of_kernel_reserve to S_REL"
In reply to: Vladis Dronov: "[PATCH] ptp: free ptp device pin descriptors properly"
Next in thread: David Miller: "Re: [PATCH] ptp: free ptp device pin descriptors properly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 13, 2020 at 02:00:09PM +0100, Vladis Dronov wrote:
> There is a bug in ptp_clock_unregister(), where ptp_cleanup_pin_groups()
> first frees ptp->pin_{,dev_}attr, but then posix_clock_unregister() needs
> them to destroy a related sysfs device.
>
> These functions can not be just swapped, as posix_clock_unregister() frees
> ptp which is needed in the ptp_cleanup_pin_groups(). Fix this by calling
> ptp_cleanup_pin_groups() in ptp_clock_release(), right before ptp is freed.
>
> This makes this patch fix an UAF bug in a patch which fixes an UAF bug.
>
> Reported-by: Antti Laakso <antti.laakso@xxxxxxxxx>
> Fixes: a33121e5487b ("ptp: fix the race between the release of ptp_clock and cdev")
> Link: https://lore.kernel.org/netdev/3d2bd09735dbdaf003585ca376b7c1e5b69a19bd.camel@xxxxxxxxx/
> Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>

Acked-by: Richard Cochran <richardcochran@xxxxxxxxx>

Next message: Viresh Kumar: "Re: [PATCH] cpufreq: intel_pstate: fix spelling mistake: "Whethet" -> "Whether""
Previous message: Arvind Sankar: "Re: [PATCH] x86/tools/relocs: Add _etext and __end_of_kernel_reserve to S_REL"
In reply to: Vladis Dronov: "[PATCH] ptp: free ptp device pin descriptors properly"
Next in thread: David Miller: "Re: [PATCH] ptp: free ptp device pin descriptors properly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]