linux-stable/drivers/bus/fsl-mc
Shin'ichiro Kawasaki 928ea98252 bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to
fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in
fsl_mc_device_remove(). Then the reference to mc->root_mc_bus_dev->mc_io
triggers a KASAN use-after-free. To avoid the use-after-free, keep the
reference to mc->root_mc_bus_dev->mc_io in a local variable and pass it to
fsl_destroy_mc_io().

This patch needs rework to apply to kernels older than v5.15.

Fixes: f93627146f ("staging: fsl-mc: fix asymmetry in destroy of mc_io")
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Link: https://lore.kernel.org/r/20220601105159.87752-1-shinichiro.kawasaki@wdc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-10 15:53:12 +02:00
dpbp.c bus: fsl-mc: remove duplicated include files 2018-12-06 15:53:20 +01:00
dpcon.c bus: fsl-mc: remove duplicated include files 2018-12-06 15:53:20 +01:00
dpmcp.c bus: fsl-mc: change mc_command in fsl_mc_command 2018-03-23 15:52:48 +01:00
dprc-driver.c bus: fsl-mc: fsl-mc-allocator: Rework MSI handling 2021-12-16 22:16:41 +01:00
dprc.c bus: fsl-mc: dprc: Fix a couple of misspelling and formatting issues 2021-06-17 13:44:32 +02:00
fsl-mc-allocator.c bus: fsl-mc: fsl-mc-allocator: Rework MSI handling 2021-12-16 22:16:41 +01:00
fsl-mc-bus.c bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() 2022-06-10 15:53:12 +02:00
fsl-mc-msi.c bus: fsl-mc-msi: Fix MSI descriptor mutex lock for msi_first_desc() 2022-04-27 19:42:32 +02:00
fsl-mc-private.h bus/fsl-mc: Add generic implementation for open/reset/close commands 2021-09-28 16:56:05 -06:00
fsl-mc-uapi.c bus: fsl-mc: list more commands as accepted through the ioctl 2021-02-09 10:56:39 +01:00
Kconfig bus: fsl-mc: add fsl-mc userspace support 2021-01-27 15:13:52 +01:00
Makefile bus/fsl-mc: Add generic implementation for open/reset/close commands 2021-09-28 16:56:05 -06:00
mc-io.c bus: fsl-mc: mc-io: Correct misdocumentation of 'dpmcp_dev' param 2021-06-17 13:44:33 +02:00
mc-sys.c bus: fsl-mc: mc-sys: Supply missing function names in kernel-doc headers 2021-06-17 13:44:32 +02:00
obj-api.c bus/fsl-mc: Add generic implementation for open/reset/close commands 2021-09-28 16:56:05 -06:00