Date: Thu, 11 Mar 2021 14:46:45 +0000
From: Luis Chamberlain
To: lyl2019@mail.ustc.edu.cn
Cc: linux-kernel@vger.kernel.org
Subject: Re: Re: Re: [PATCH] lib/test_kmod: Fix a use after free in register_test_dev_kmod

On Thu, Mar 11, 2021 at 10:40:33PM +0800, lyl2019@mail.ustc.edu.cn wrote:
> So, register_test_dev_kmod() will return a valid and freed test_dev, and cause use after free
> in function test_kmod_init().

Without looking at the details, in trying to improve the commit log
further:

Is there a way you can reproduce a real world UAF and crash? If not,
why not? What is the risk of not merging this commit into the kernel
tree? This information is useful for folks to evaluate whether or not
users of this module might want to merge this and/or backport it into
their testing kernel.

If chances of this happening are 0, then this is just a theoretical issue.

  Luis