Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753913AbdHUOgA (ORCPT ); Mon, 21 Aug 2017 10:36:00 -0400 Received: from mailout2.samsung.com ([203.254.224.25]:45184 "EHLO mailout2.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751654AbdHUOf6 (ORCPT ); Mon, 21 Aug 2017 10:35:58 -0400 X-AuditID: b6c32a46-f790d6d000003bf5-d1-599aefcc0fe4 From: Bartlomiej Zolnierkiewicz To: Anton Vasilyev Cc: Bernie Thompson , linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org Subject: Re: [PATCH] video: fbdev: udlfb: Fix use after free on dlfb_usb_probe error path Date: Mon, 21 Aug 2017 16:35:53 +0200 Message-id: <11058144.rdDtSpvBf3@amdc3058> User-Agent: KMail/4.13.3 (Linux/3.13.0-96-generic; KDE/4.13.3; x86_64; ; ) In-reply-to: <1502456341-1783-1-git-send-email-vasilyev@ispras.ru> MIME-version: 1.0 Content-transfer-encoding: 7Bit Content-type: text/plain; charset="us-ascii" X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrMIsWRmVeSWpSXmKPExsWy7bCmqe6Z97MiDT6fF7O4eP8bi8Xy7i4W ixN9H1gtLu+aw2bRPT/HgdVjxr+pjB53Xv9l9Xg6tYvN4/MmuQCWKC6blNSczLLUIn27BK6M Q2+jClayVKza18HSwHiQuYuRk0NCwETizeEbULaYxIV769m6GLk4hAR2MEoc3HqVCcL5zijx d/lOFpiOht9v2UBsIYHdjBLnj1dBFH1llJj+bCMjSIJNwEpiYvsqMFtEQF1i6oMmsBXMAi2M Eu+7HbsYOTiEBaIllq9NAjFZBFQlei76gFTwCmhJ/Fn7iwnEFhXwktiyrx3M5hRwkjjXtoQZ okZQ4sfkeywQE+Ul9u2fygph60icPbaOEeQcCYEVbBJTp0xhBZkvIeAicbxfC+J8YYlXx7ew Q9jSEs9WQVwsITCdUWL7bwmI3s2MEqt2T4AqspY4fPwi1AI+iY7Df9khZvJKdLQJQZR4SBzu PMIEYTtKPL84iRUSPFMZJU6u0Z7AKDcLydmzkJw9C8nZCxiZVzGKpRYU56anFhsVGOkVJ+YW l+al6yXn525iBCcFLbcdjEvO+RxiFOBgVOLhFXgzK1KINbGsuDL3EKMEB7OSCO/BPUAh3pTE yqrUovz4otKc1OJDjNIcLErivHXbrkUICaQnlqRmp6YWpBbBZJk4OKUaGFUybcvPP1GqjHgo HnWVo4U1wPrdNK5Vhv1HhRQMWZ+d27BE2LUw9MT//69SVYI/JiT3b3ztEHQkwezjrulRb90K rsY7Ryr821rl9Plgzp7SHRee5q6acnxeTLBlhrj8vPiHixJvPhDQzm2O196Rc1nNd0m4gVVY ngD7nXsHfHJYDzvuuLhwvRJLcUaioRZzUXEiAC0d++4GAwAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrMLMWRmVeSWpSXmKPExsVy+t9jAd0z72dFGkzfwGNx8f43Fovl3V0s Fif6PrBaXN41h82ie36OA6vHjH9TGT3uvP7L6vF0ahebx+dNcgEsUVw2Kak5mWWpRfp2CVwZ h95GFaxkqVi1r4OlgfEgcxcjJ4eEgIlEw++3bF2MXBxCAjsZJZ4camWEcL4yStzfuYMNpIpN wEpiYvsqRhBbREBdYuqDJmaQImaBFkaJx9uXsYIkhAWiJaYcuMbSxcjBwSKgKtFz0QckzCug JfFn7S8mEFtUwEtiy752MJtTwEniXNsSsCuEBKYzSrRft4aoF5T4MfkeC4jNLCAvsW//VFYI W0ti/c7jTBMY+WchKZuFpGwWkrIFjMyrGCVTC4pz03OLjQqM8lLL9YoTc4tL89L1kvNzNzEC g3bbYa3+HYyPl8QfYhTgYFTi4RV4MytSiDWxrLgy9xCjBAezkgjvwT1AId6UxMqq1KL8+KLS nNTiQ4zSHCxK4ryZfTMihQTSE0tSs1NTC1KLYLJMHJxSDYzlyhwvX4TdWNN6xncCbyNbuh/r 2VT1Rsn0KZKXdmnV+pyNvzVn3qwXjSUFMxPTv6vaLvm5jdfJ3nkm72r1ubtLBQRDrjXVrXdd 4pSZm1DgdD2ks+3j85p6KVNx/f/HeT/yhz2L5DnAVMm65UhS4+UnDE7Jv7fGNZyqKpKXK92u 4F9eErzXW4mlOCPRUIu5qDgRAIKnoNVWAgAA X-CMS-MailID: 20170821143556epcas2p3dcd4a8e591c24c2f1410595135dfff00 X-Msg-Generator: CA X-Sender-IP: 182.195.42.143 X-Local-Sender: =?UTF-8?B?QmFydGxvbWllaiBab2xuaWVya2lld2ljehtTUlBPTC1LZXJu?= =?UTF-8?B?ZWwgKFRQKRvsgrzshLHsoITsnpAbU2VuaW9yIFNvZnR3YXJlIEVuZ2luZWVy?= X-Global-Sender: =?UTF-8?B?QmFydGxvbWllaiBab2xuaWVya2lld2ljehtTUlBPTC1LZXJu?= =?UTF-8?B?ZWwgKFRQKRtTYW1zdW5nIEVsZWN0cm9uaWNzG1NlbmlvciBTb2Z0d2FyZSBF?= =?UTF-8?B?bmdpbmVlcg==?= X-Sender-Code: =?UTF-8?B?QzEwG0VIURtDMTBDRDAyQ0QwMjczOTI=?= CMS-TYPE: 102P X-CMS-RootMailID: 20170811125917epcas4p1201e8047f04655c0cade9d0b92c0fd30 X-RootMTR: 20170811125917epcas4p1201e8047f04655c0cade9d0b92c0fd30 References: <1502456341-1783-1-git-send-email-vasilyev@ispras.ru> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 533 Lines: 18 On Friday, August 11, 2017 03:59:01 PM Anton Vasilyev wrote: > If dlfb_usb_probe drops to error path then there is only one > kref_init() call and no kref_get(), so second kref_put() leads to > use after free. > > The patch removes superfluous kref_put on dlfb_usb_probe error path. > > Found by Linux Driver Verification project (linuxtesting.org). > > Signed-off-by: Anton Vasilyev Patch queued for 4.14, thanks. Best regards, -- Bartlomiej Zolnierkiewicz Samsung R&D Institute Poland Samsung Electronics