Re: [PATCH] software node: Prevent link creation failure from causing kobj reference count imbalance
From: Andy Shevchenko
Date: Mon Apr 14 2025 - 02:27:25 EST
On Mon, Apr 14, 2025 at 09:20:30AM +0300, Andy Shevchenko wrote:
> On Fri, Apr 11, 2025 at 08:42:02AM +0800, Lizhi Xu wrote:
> > syzbot reported a uaf in software_node_notify_remove. [1]
> >
> > When any of the two sysfs_create_link() in software_node_notify() fails,
> > the swnode->kobj reference count will not increase normally, which will
> > cause swnode to be released incorrectly due to the imbalance of kobj reference
> > count when executing software_node_notify_remove().
> >
> > Increase the reference count of kobj before creating the link to avoid uaf.
> >
> > [1]
>
> Please reduce this to ~5-7 lines only. This is how the Submitting Patches document
> recommends putting backtraces in commit messages:
> https://www.kernel.org/doc/html/latest/process/submitting-patches.html#backtraces-in-commit-messages
>
> > Fixes: 9eb59204d519 ("iommufd/selftest: Add set_dev_pasid in mock iommu")
> > Reported-by: syzbot+2ff22910687ee0dfd48e@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Closes: https://syzkaller.appspot.com/bug?extid=2ff22910687ee0dfd48e
>
> > Tested-by: syzbot+2ff22910687ee0dfd48e@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Where is the positive result of it? I can't find the respective log.
> To me this one
> https://syzkaller.appspot.com/x/report.txt?x=158af070580000
> doesn't sound like a useful report, as I don't know if this patch fixes one
> regression and introduces another.
>
> Dmitry?

Code-wise, it makes sense to me. We do the put in asymmetrical order.
Thanks for looking into it.
--
With Best Regards,
Andy Shevchenko
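
The reference-count imbalance discussed in this thread, as an added example that is not part of the original messages and is not kernel code: a userspace C model comparing a notify path that takes its reference only after both links succeed with one that takes it first. All names (`model_kobj`, `notify_get_after_links`, `notify_get_before_links`, `released_early`) are hypothetical, and the model assumes the remove path runs and drops one reference even when notify failed.

```c
/* Userspace model of the imbalance (constructed for illustration; not kernel code). */
#include <stdbool.h>
#include <stdio.h>

struct model_kobj {
    int refcount;   /* stands in for the kobject reference count */
    bool released;  /* set when the count reaches zero */
};
static void model_get(struct model_kobj *k) { k->refcount++; }
static void model_put(struct model_kobj *k)
{
    if (--k->refcount == 0)
        k->released = true;   /* the real object would be freed here */
}
/* Stand-in for one sysfs_create_link() call; 'fail' injects an error. */
static int model_create_link(bool fail) { return fail ? -1 : 0; }

/* Ordering described as the bug: the get is reached only if both links succeed. */
static int notify_get_after_links(struct model_kobj *k, bool fail_second)
{
    if (model_create_link(false) || model_create_link(fail_second))
        return -1;
    model_get(k);
    return 0;
}
/* Ordering described as the fix: take the reference before creating the links. */
static int notify_get_before_links(struct model_kobj *k, bool fail_second)
{
    model_get(k);
    if (model_create_link(false) || model_create_link(fail_second))
        return -1;
    return 0;
}
/* Assumption: remove drops one reference regardless of how notify ended. */
static void notify_remove(struct model_kobj *k) { model_put(k); }

/* True if the object was released while its owner still held a reference. */
static bool released_early(int (*notify)(struct model_kobj *, bool), bool fail_second)
{
    struct model_kobj k = { .refcount = 1, .released = false }; /* owner's ref */
    (void)notify(&k, fail_second);
    notify_remove(&k);
    return k.released;
}
int main(void)
{
    printf("get after links, link fails:  released early = %d\n",
           released_early(notify_get_after_links, true));
    printf("get before links, link fails: released early = %d\n",
           released_early(notify_get_before_links, true));
    return 0;
}
```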