Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp202081iob; Mon, 2 May 2022 17:05:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzO3rZWX9z9jKlQwgbjWkZi+7ZU1BeB5GgQpTSFHAhQxRRQLDAEEzLN7R6nz2l3pcwoyexU X-Received: by 2002:a17:902:ba8c:b0:14f:d9b7:ab4 with SMTP id k12-20020a170902ba8c00b0014fd9b70ab4mr14143218pls.23.1651536310547; Mon, 02 May 2022 17:05:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651536310; cv=none; d=google.com; s=arc-20160816; b=oVi+DWV/3l76wBvxeIF1vskZJTYxhHzvB6hev7j8OCDXCIC22b+csgHjs3M5I4jX8+ D1FTE8Z7xuKOxAJ1AhnuC+6foOmcKNSREJtsluXpw4+LF/MJotzZ2eXzLeD1EzU60rxP 0aQiwZ57W1t7PFMS6/N0n1rG3XRej/MWYK29n9xSDPy6r5IZJFMpVNDsRPM8Xsx4Knwt cGH1oPV0pcJ4oy+wpXvnjczcIfnC7A5NSwliQS5UH1oKiTcR8h/L32q3NWt9aumbYgU+ eEoYm2CuL2aRH/9rJ5bn0sKw3DnUfA5Q9tDnW6PjD82DfWUMQQfXWzEHRHRNKg8YqO65 tg/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=oRYjqMRZBx6hIjWxodWB3LT55X08sPgm/6Z0ApI/JqQ=; b=eMK2b7jRgN6feLDbL/tfvt+T8IX2n6ID1e7eMqwweJfkx0JZqCz5Ry+GfXwEG2ggj5 22/3HjbZw/EBYGVGdESAw8wtkF3qBPj5DzQFjAFrRx3KoWB9tW3WOuzlXPVD06kwFmYS luoI+N/Hk2ZAKzl3dwDHmdFl0zqXi1A7uNbA1po7c2UFLZutal1D6F8rLn3A7wo//6+3 2Jflhel5CkkHkZCgBxfu+oUt8LG2P6zqd5IY6zEdGgnrnh78ChVXl2aigfGLwbNoSLyk ULYLsrP0X0peqoZ6kfr7o8A7o0Mox0k1eLWezLS2Mza/YzNaU+jh1yXyqFFRbXiFaEyX CeNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=I15MgOFM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id j9-20020a056a00130900b0050d3e4009easi14968166pfu.125.2022.05.02.17.05.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 17:05:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=I15MgOFM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E794F34B8E; Mon, 2 May 2022 17:04:59 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1387562AbiEBVGk (ORCPT + 99 others); Mon, 2 May 2022 17:06:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1387547AbiEBVGd (ORCPT ); Mon, 2 May 2022 17:06:33 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBA92BCB3; Mon, 2 May 2022 14:03:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 872B9B819C2; Mon, 2 May 2022 21:03:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 923F0C385AC; Mon, 2 May 2022 21:03:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1651525381; bh=OmovROpG4S6hvHwAvxQX6xMhTJmXgyXS4ghxPMNiaiU=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=I15MgOFM4oj9/LTAyswDzWSeXxqjehqxQmAwH8O8aqnF0oM4Ii2PK9dcozaFqXU5P /XM0JZsq3xtllSe8z11uErXRoIo06+IDxqdfsJ041G3qGgqVGgXr4JnBDFQdlTbtR0 8215YvziMKI61ukRgkKdqjqA5qWPs18KKAstGRKWTVQ7ZAfr5xkh/2ogsQkL/Rvkpi /aeZC4d9FQCPAeFD169ZDzO8hMmQlT1dIumhLISSu5OVSl3OAEDI2gtcoJDZMpd6bx tbcppuwbQ9iKgt15tVECfaN0Fvd8FWq5dXoQyIqYXiIoKMYegFriTQak2D1SDK2JII 6+LTqpehVonQg== Message-ID: <96911abe-c1c6-42a4-322e-d7b06dae0c8e@kernel.org> Date: Mon, 2 May 2022 16:02:59 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [RESEND][PATCH] firmware: stratix10-svc: fix a missing check on list iterator Content-Language: en-US To: Xiaomeng Tong Cc: gregkh@linuxfoundation.org, richard.gong@intel.com, atull@kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org References: <20220414035609.2239-1-xiam0nd.tong@gmail.com> From: Dinh Nguyen In-Reply-To: <20220414035609.2239-1-xiam0nd.tong@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/13/22 22:56, Xiaomeng Tong wrote: > The bug is here: > pmem->vaddr = NULL; > > The list iterator 'pmem' will point to a bogus position containing > HEAD if the list is empty or no element is found. This case must > be checked before any use of the iterator, otherwise it will > lead to a invalid memory access. > > To fix this bug, just gen_pool_free/set NULL/list_del() and return > when found, otherwise list_del HEAD and return; > > Cc: stable@vger.kernel.org > Fixes: 7ca5ce896524f ("firmware: add Intel Stratix10 service layer driver") > Signed-off-by: Xiaomeng Tong > --- > drivers/firmware/stratix10-svc.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c > index 29c0a616b317..30093aa82b7f 100644 > --- a/drivers/firmware/stratix10-svc.c > +++ b/drivers/firmware/stratix10-svc.c > @@ -941,17 +941,17 @@ EXPORT_SYMBOL_GPL(stratix10_svc_allocate_memory); > void stratix10_svc_free_memory(struct stratix10_svc_chan *chan, void *kaddr) > { > struct stratix10_svc_data_mem *pmem; > - size_t size = 0; > > list_for_each_entry(pmem, &svc_data_mem, node) > if (pmem->vaddr == kaddr) { > - size = pmem->size; > - break; > + gen_pool_free(chan->ctrl->genpool, > + (unsigned long)kaddr, pmem->size); > + pmem->vaddr = NULL; > + list_del(&pmem->node); > + return; > } > > - gen_pool_free(chan->ctrl->genpool, (unsigned long)kaddr, size); > - pmem->vaddr = NULL; > - list_del(&pmem->node); > + list_del(&svc_data_mem); > } > EXPORT_SYMBOL_GPL(stratix10_svc_free_memory); > Acked-by: Dinh Nguyen