| Message ID | 20240520021934.113877-1-suhui@nfschina.com (mailing list archive) |
|---|---|
| State | Rejected, archived |
| Headers | show |
| Series | platform/x86: ISST: fix use after free problem in tpmi_sst_dev_remove() | expand |
Hi Su Hui, On 20/05/24 07:49, Su Hui wrote: > clang static checker (scan-build) warning: > drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c:1614:24: > Use of memory after it is freed. > > Using 'tpmi_sst->package_id' after releasing 'tpmi_sst' causes this > problem. Change the order of releasing 'tpmi_sst' to fix this. > This is fixed by me already. Ref: https://lore.kernel.org/all/9293c51c7d502843bfff90c5664be00bfe112e8d.camel@linux.intel.com/ Thanks, Harshit > Fixes: 9d1d36268f3d ("platform/x86: ISST: Support partitioned systems") > Signed-off-by: Su Hui <suhui@nfschina.com> > --- > drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c > index 7bac7841ff0a..7fa360073f6e 100644 > --- a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c > +++ b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c > @@ -1610,8 +1610,8 @@ void tpmi_sst_dev_remove(struct auxiliary_device *auxdev) > tpmi_sst->partition_mask_current &= ~BIT(plat_info->partition); > /* Free the package instance when the all partitions are removed */ > if (!tpmi_sst->partition_mask_current) { > - kfree(tpmi_sst); > isst_common.sst_inst[tpmi_sst->package_id] = NULL; > + kfree(tpmi_sst); > } > mutex_unlock(&isst_tpmi_dev_lock); > }
diff --git a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c index 7bac7841ff0a..7fa360073f6e 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c @@ -1610,8 +1610,8 @@ void tpmi_sst_dev_remove(struct auxiliary_device *auxdev) tpmi_sst->partition_mask_current &= ~BIT(plat_info->partition); /* Free the package instance when the all partitions are removed */ if (!tpmi_sst->partition_mask_current) { - kfree(tpmi_sst); isst_common.sst_inst[tpmi_sst->package_id] = NULL; + kfree(tpmi_sst); } mutex_unlock(&isst_tpmi_dev_lock); }
clang static checker (scan-build) warning: drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c:1614:24: Use of memory after it is freed. Using 'tpmi_sst->package_id' after releasing 'tpmi_sst' causes this problem. Change the order of releasing 'tpmi_sst' to fix this. Fixes: 9d1d36268f3d ("platform/x86: ISST: Support partitioned systems") Signed-off-by: Su Hui <suhui@nfschina.com> --- drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)