Re: [PATCH 1/1] iommu/arm-smmu-qcom: Fix use-after-free issue in qcom_smmu_create()

From: Krzysztof Kozlowski
Date: Thu Feb 29 2024 - 12:57:27 EST

Next message: Arthur Grillo: "Re: [PATCH v2 6/9] drm/vkms: Add YUV support"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v5 7/7] arm64: dts: qcom: sc7280: Add DT nodes for the TBUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 13/02/2024 09:17, Pratyush Brahma wrote:
>
> On 2/13/2024 1:36 PM, Dmitry Baryshkov wrote:
>> On Tue, 13 Feb 2024 at 08:27, Pratyush Brahma <quic_pbrahma@xxxxxxxxxxx> wrote:
>>> Currently, during arm smmu probe, struct arm_smmu_device pointer
>>> is allocated. The pointer is reallocated to a new struct qcom_smmu in
>>> qcom_smmu_create() with devm_krealloc() which frees the smmu device
>>> after copying the data into the new pointer.
>>>
>>> The freed pointer is then passed again in devm_of_platform_populate()
>>> inside qcom_smmu_create() which causes a use-after-free issue.
>>>
>>> Fix the use-after-free issue by reassigning the old pointer to
>>> the new pointer where the struct was copied by devm_krealloc().
>>>
>>> Signed-off-by: Pratyush Brahma <quic_pbrahma@xxxxxxxxxxx>
>> Missing Fixes tag.
> Haven't added as the patchset in-reply-to hasn't been merged to
> linux-next. Please refer my next reply.

Why do you send patches for work being reviewed? Just perform the
review. It looks like you deliberately want to apply bad code just to
fix it a second later!

Best regards,
Krzysztof

Next message: Arthur Grillo: "Re: [PATCH v2 6/9] drm/vkms: Add YUV support"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v5 7/7] arm64: dts: qcom: sc7280: Add DT nodes for the TBUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]