Date: Wed, 21 Apr 2021 17:47:10 +0200 (CEST)
From: Jiri Kosina
To: Qiushi Wu
cc: Kangjie Lu, Guenter Roeck, Greg Kroah-Hartman, open list,
    Linus Torvalds, Aditya Pakki, x86@kernel.org, Bjorn Helgaas,
    "Rafael J. Wysocki", Arnd Bergmann, David Airlie, Michael Turquette,
    Bjorn Andersson, Linus Walleij, Bartosz Golaszewski, Daniel Vetter,
    Jean Delvare, Will Deacon, Laurent Pinchart, Jakub Kicinski,
    "David S. Miller", Johan Hovold, Jiri Slaby, Pablo Neira Ayuso,
    Johannes Berg, Takashi Iwai
Subject: Re: [PATCH 000/190] Revertion of all of the umn.edu commits
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 21 Apr 2021, Qiushi Wu wrote:

> The function description of "kobject_init_and_add()" mentioned that "If
> this function returns an error, kobject_put() must be called to properly
> clean up the memory associated with the object." (see
> https://elixir.bootlin.com/linux/v5.12-rc8/source/lib/kobject.c#L464) So
> we use this patch to fix the issue, and I may miss some context here,
> but I don't see why this causes some issue like NULL dereferences.
>
> The identification methodology for this bug and other similar bugs that
> are error-handling related, is shown in "Understanding and Detecting
> Disordered Error Handling with Precise Function Pairing."
> (https://www.usenix.org/conference/usenixsecurity21/presentation/wu-qiushi)

You are calling kobject_put() if kobject_init_and_add() fails. That will in
turn invoke pci_slot_release() which will try to delete slot->list, but
that hasn't been initialized yet.

Fixed in 4684709bf8, present in two major Linux kernel releases.

-- 
Jiri Kosina
SUSE Labs
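
A userspace C model of the ordering problem described in the reply above (an added example, not kernel code and not part of the original message). `slot_put()`, `init_and_add()` and `create_slot()` are hypothetical stand-ins for `kobject_put()`, `kobject_init_and_add()` and the slot-creation path; the zeroed allocation is an assumption, and the release callback reports the NULL list pointers instead of dereferencing them.

```c
#include <stdio.h>
#include <stdlib.h>

struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Model of list_del(): returns -1 where the real one would dereference NULL. */
static int list_del_checked(struct list_head *e)
{
    if (!e->next || !e->prev)
        return -1;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    return 0;
}

struct slot { int refcount; struct list_head list; };
static int release_fault;   /* set when release saw an uninitialised list */

static void slot_release(struct slot *s)
{
    if (list_del_checked(&s->list) < 0)
        release_fault = 1;
    free(s);
}

static void slot_put(struct slot *s) { if (--s->refcount == 0) slot_release(s); }
/* Hypothetical stand-in for kobject_init_and_add(): holds a reference even on failure. */
static int init_and_add(struct slot *s, int fail) { s->refcount = 1; return fail ? -1 : 0; }

/* Returns 1 if the release callback hit the uninitialised list, else 0. */
static int create_slot(int init_list_first, int fail)
{
    struct slot *s = calloc(1, sizeof(*s));   /* zeroed allocation (assumption) */
    if (!s) return -1;
    release_fault = 0;
    if (init_list_first)
        init_list_head(&s->list);             /* release is now safe to run */
    if (init_and_add(s, fail) == 0 && !init_list_first)
        init_list_head(&s->list);             /* too late for the error path */
    slot_put(s);                              /* cleanup on error, teardown on success */
    return release_fault;
}

int main(void)
{
    printf("late init, add fails:  fault=%d\n", create_slot(0, 1));
    printf("early init, add fails: fault=%d\n", create_slot(1, 1));
    return 0;
}
```

The put on the error path is only safe once every field the release callback touches has been set up before the call that can fail.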