RE: [PATCH] drivers: nvdimm: fix dereference after free

From: Dan Williams
Date: Thu Aug 17 2023 - 11:52:21 EST

Next message: Andy Shevchenko: "Re: [PATCH 2/2] i2c: designware: abort the transfer if receiving byte count of 0"
Previous message: Michael Weiß: "Re: [PATCH RFC 1/4] bpf: add cgroup device guard to flag a cgroup device prog"
In reply to: Dave Jiang: "Re: [PATCH] drivers: nvdimm: fix dereference after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ add Kajol ]

Konstantin Meskhidze wrote:
> 'nd_pmu->pmu.attr_groups' is dereferenced in function
> 'nvdimm_pmu_free_hotplug_memory' call after it has been freed. Because in
> function 'nvdimm_pmu_free_hotplug_memory' memory pointed by the fields of
> 'nd_pmu->pmu.attr_groups' is deallocated it is necessary to call 'kfree'
> after 'nvdimm_pmu_free_hotplug_memory'.

Another one that would be fixed by static attribute groups.

I do think we should move forward with these fixes as is for ease of backport,
but long term this dynamically allocated attribute groups approach needs to be
jettisoned. ...unless I am missing a concrete reason it needs to remain dynamic?

Next message: Andy Shevchenko: "Re: [PATCH 2/2] i2c: designware: abort the transfer if receiving byte count of 0"
Previous message: Michael Weiß: "Re: [PATCH RFC 1/4] bpf: add cgroup device guard to flag a cgroup device prog"
In reply to: Dave Jiang: "Re: [PATCH] drivers: nvdimm: fix dereference after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]