Date: Fri, 16 Apr 2021 10:37:24 +0000
From: Wei Liu
To: Andrea Parri
Cc: Dan Carpenter, "K. Y. Srinivasan", Haiyang Zhang, Stephen Hemminger, Wei Liu, Greg Kroah-Hartman, Dexuan Cui, linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] Drivers: hv: vmbus: Use after free in __vmbus_open()
Message-ID: <20210416103724.f3unhyu72pbp2qr3@liuwe-devbox-debian-v2>
In-Reply-To: <20210413154221.GA2369@anparri>

On Tue, Apr 13, 2021 at 05:42:21PM +0200, Andrea Parri wrote:
> On Tue, Apr 13, 2021 at 01:50:04PM +0300, Dan Carpenter wrote:
> > The "open_info" variable is added to the &vmbus_connection.chn_msg_list,
> > but the error handling frees "open_info" without removing it from the
> > list. This will result in a use after free. First remove it from the
> > list, and then free it.
> >
> > Fixes: 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues")
> > Signed-off-by: Dan Carpenter
>
> I had this 'queued' in my list,
>
> Reviewed-by: Andrea Parri

Applied. Thanks.
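
The ordering problem described in the quoted commit message, as an added user-space example that is not part of this thread and not the driver's code. All names (msg_info, open_then_fail, the fixed pool standing in for kmalloc/kfree) are hypothetical; the pool lets a "freed" node be inspected without touching released memory.

```c
#include <stddef.h>
/* Constructed stand-ins: a fixed pool replaces kmalloc/kfree so a "freed"
 * node can be inspected safely. Names are hypothetical, not the driver's. */
struct list_head { struct list_head *next, *prev; };
struct msg_info { struct list_head entry; int in_use; };
static struct msg_info pool[4];

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) { n->prev->next = n->next; n->next->prev = n->prev; }
static struct msg_info *pool_alloc(void) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
static void pool_free(struct msg_info *m) { m->in_use = 0; }

/* Queue a request on the pending list, then take the error path.
 * unlink_first selects the fixed ordering: remove from the list, then free. */
static void open_then_fail(struct list_head *pending, int unlink_first) {
    struct msg_info *info = pool_alloc();
    if (!info) return;
    list_add_tail(&info->entry, pending);
    /* ... assume sending the request fails here ... */
    if (unlink_first)
        list_del(&info->entry);
    pool_free(info);
}

/* Count list entries that still point at freed objects. */
static int dangling_entries(struct list_head *pending) {
    int n = 0;
    for (struct list_head *p = pending->next; p != pending; p = p->next) {
        struct msg_info *m = (struct msg_info *)((char *)p - offsetof(struct msg_info, entry));
        n += !m->in_use;
    }
    return n;
}
/* Run one failed open on a fresh list and report the dangling entries left. */
static int run(int unlink_first) {
    struct list_head pending;
    list_init(&pending);
    for (size_t i = 0; i < 4; i++) pool[i].in_use = 0;
    open_then_fail(&pending, unlink_first);
    return dangling_entries(&pending);
}
int main(void) { return !(run(0) == 1 && run(1) == 0); }
```

With free-before-unlink, any later walker of the pending list reaches the freed entry; unlinking first leaves the list empty.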