Re: [PATCH v3 06/15] arm64: dts: qcom: sc8280xp: Fix the base addresses of LLCC banks
From: Manivannan Sadhasivam
Date: Wed Dec 21 2022 - 00:55:53 EST
On Wed, Dec 21, 2022 at 12:55:03AM +0100, Borislav Petkov wrote:
> On Tue, Dec 20, 2022 at 03:22:07PM +0530, Manivannan Sadhasivam wrote:
> > This is a genuine use-after-free bug that happens because the edac core frees
> > the memory assigned to "llcc_driv_data" pointer that gets passed as "pvt_info".
> >
> > Here, the LLCC driver is one creating the "qcom_llcc_edac" platform device and
> > also allocating memory for "llcc_driv_data". But since during qcom_edac driver
> > removal, we are just unregistering the driver and the platform device still
> > stays around, the edac driver is not supposed to free any memory associated
> > with the platform device.
>
> If you mean
>
> __edac_device_free_ctl_info()
>
> it is very well supposed to free it as it allocates it in
> edac_device_alloc_ctl_info().
>
> If qcom_llcc_edac_probe() simply goes and assigns something of its own
> to edev_ctl->pvt_info, then that driver gets to keep the pieces ofc.
>
Right. It is the issue of the qcom driver from the start.
Thanks,
Mani
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
--
மணிவண்ணன் சதாசிவம்