Date: Tue, 14 Jan 2020 10:59:57 -0800 (PST)
Message-Id: <20200114.105957.1581554720765705127.davem@davemloft.net>
To: vdronov@redhat.com
Cc: antti.laakso@intel.com, netdev@vger.kernel.org, richardcochran@gmail.com, sjohnsto@redhat.com, vlovejoy@redhat.com, linux-kernel@vger.kernel.org, artem.bityutskiy@intel.com
Subject: Re: [PATCH] ptp: free ptp device pin descriptors properly
From: David Miller
In-Reply-To: <20200113130009.2938-1-vdronov@redhat.com>
References: <3d2bd09735dbdaf003585ca376b7c1e5b69a19bd.camel@intel.com> <20200113130009.2938-1-vdronov@redhat.com>

From: Vladis Dronov
Date: Mon, 13 Jan 2020 14:00:09 +0100

> There is a bug in ptp_clock_unregister(), where ptp_cleanup_pin_groups()
> first frees ptp->pin_{,dev_}attr, but then posix_clock_unregister() needs
> them to destroy a related sysfs device.
>
> These functions can not be just swapped, as posix_clock_unregister() frees
> ptp which is needed in the ptp_cleanup_pin_groups(). Fix this by calling
> ptp_cleanup_pin_groups() in ptp_clock_release(), right before ptp is freed.
>
> This makes this patch fix an UAF bug in a patch which fixes an UAF bug.
>
> Reported-by: Antti Laakso
> Fixes: a33121e5487b ("ptp: fix the race between the release of ptp_clock and cdev")
> Link: https://lore.kernel.org/netdev/3d2bd09735dbdaf003585ca376b7c1e5b69a19bd.camel@intel.com/
> Signed-off-by: Vladis Dronov

Applied, thank you.
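
The ordering problem described in the quoted commit message, reduced to a userspace C model. This is an added example, not code from the patch or the kernel tree; `model_ptp`, `cleanup_pin_groups`, `clock_release`, `posix_unregister` and `unregister_clock` are hypothetical stand-ins. The model sets the freed pointer to NULL so the stale use is observable without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

struct model_ptp {             /* userspace model; names are hypothetical */
    int  refs;                 /* device reference count */
    int *pin_attr;             /* stands in for ptp->pin_{,dev_}attr */
    int  pins_in_release;      /* 1 = ordering described as the fix */
};

static void cleanup_pin_groups(struct model_ptp *p)
{
    free(p->pin_attr);
    p->pin_attr = NULL;        /* model only: makes a stale use observable */
}

/* Release callback: runs when the last reference is dropped. */
static void clock_release(struct model_ptp *p)
{
    if (p->pins_in_release) cleanup_pin_groups(p); /* right before p itself */
    free(p);
}

/* Unregister step: sysfs teardown reads the pin attributes, then the last
 * reference is dropped. Returns 1 if they were still live at teardown. */
static int posix_unregister(struct model_ptp *p)
{
    int attrs_live = (p->pin_attr != NULL);
    if (--p->refs == 0)
        clock_release(p);
    return attrs_live;
}

/* fixed=0: pins freed before teardown (the bug); fixed=1: in release. */
int unregister_clock(int fixed)
{
    struct model_ptp *p = calloc(1, sizeof(*p));
    if (!p || !(p->pin_attr = calloc(4, sizeof(int)))) { free(p); return -1; }
    p->refs = 1;
    p->pins_in_release = fixed;
    if (!fixed) cleanup_pin_groups(p);  /* the bug: freed before teardown */
    return posix_unregister(p);
}

int main(void)
{
    printf("buggy: attrs live at teardown = %d\n", unregister_clock(0));
    printf("fixed: attrs live at teardown = %d\n", unregister_clock(1));
    return 0;
}
```

Swapping the two calls in the buggy path is not modelled, because the cleanup would then dereference `p` after the release callback has freed it, which is the reason the commit message gives for moving the cleanup into the release callback instead.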