Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2292152rwb; Mon, 19 Sep 2022 02:55:44 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4mo/4PLiexxBSMS/QXqXVGbQ8AK9RaQh2AZZcKgOUtrQUs/Sv49HrZbXOofyFjlDi4shKm X-Received: by 2002:a05:6a00:1c98:b0:540:d461:f9d8 with SMTP id y24-20020a056a001c9800b00540d461f9d8mr17362005pfw.29.1663581343980; Mon, 19 Sep 2022 02:55:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663581343; cv=none; d=google.com; s=arc-20160816; b=t/ta0QcsfTwn6LcXhE/mxhcTUHVQzh7zXqfPPyZa1//1mRzgrlW2JhpjDfrVYo64TU Pn3hgnvbbjca6MVHbwoFLhum7r98ZxW/Tc9f8BUaW7cKAanvPnZRcjwZxf/Dfz5aQ6wm SxWFVL90lUa7Y+QzfwczZyE1g3su7NOd+DOGbu/zUUneej9fdqcIGYzVmU7+u+9ffyl1 /7EQirO7BHer2iL/A7cWP6EE/tf8NixjMp1mQudxTbDJeWBV24/m8N4jrpXKDv8dplFQ Dmv+4ugq7GSr2ckRG/XKNkeUvEEFjRFjobsK6rwZvNmeUMFuC1lTfMSI+dSeDA0ezIk0 d8ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=QW5wFEFFCfCMbHso99VeAXAWobVxXFs1p+LYneBid8A=; b=x3Jvx8c1GiIDkolEYM7130D2YhNiAiVaQGSa5cB/+4t5QiMGSA8L8i/kgBLZp2xO5K uDZmxsnqYvs6kHSoLxi/YZUAWT4A3NP96ZYeQNqqWzcc2w4cTpXc8/QtIXZz0sw/jWHB oXiockprkcVVKMHGggl2lc85SvfNpglZfBmJeCRDl1g9XNCXVvDBXRPiFUGFzfnqVbLu u1mxJMOW2D9O4aKPFeC9SN3qLDVHU8hMZviJWtZ4U5ZHgaTeIENBpjUrxzi71JvWpOpL Pecc5SCyhmGgKfGrRwT1TC7QxJC2NIPJ6Nbk4LkhTX1VUi8uDPkDPFslQf4qtbesMw/0 fJjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=l9xS8Xub; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e22-20020a656896000000b004392e26a2f7si23085342pgt.404.2022.09.19.02.55.32; Mon, 19 Sep 2022 02:55:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=l9xS8Xub; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229473AbiISJpF (ORCPT + 99 others); Mon, 19 Sep 2022 05:45:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229645AbiISJpC (ORCPT ); Mon, 19 Sep 2022 05:45:02 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 37667CE29 for ; Mon, 19 Sep 2022 02:45:01 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C7F3D60FEE for ; Mon, 19 Sep 2022 09:45:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 92121C433D6; Mon, 19 Sep 2022 09:44:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1663580700; bh=fRcmRGYuCxElmbVoEv4GLbgpAqtCZKtYkTbraNaqeMI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=l9xS8XubRv64qvvOST0HVGC9k6t3EzQu6oHrFk8KRyEaYZZ/VBoyPBXJbwr7AHoe+ Li67RmtXa5eJegkzdXa3XT+DNWKNiCO1BqYgZqiq0Nk5j1nY2mw1YcEBr2TcgDO6iT I9jD+S6f/tNrujsB04aEykCo+/xNRH9MYHuAjDmw= Date: Mon, 19 Sep 2022 11:45:27 +0200 From: Greg KH To: Hyunwoo Kim Cc: lkundrak@v3.sk, linux-kernel@vger.kernel.org, arnd@arndb.de, linux@dominikbrodowski.net Subject: Re: [PATCH v4] char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops Message-ID: References: <20220919093801.GA307492@ubuntu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220919093801.GA307492@ubuntu> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 19, 2022 at 02:38:01AM -0700, Hyunwoo Kim wrote: > A race condition may occur if the user physically removes the > pcmcia device while calling open() for this char device node. > > This is a race condition between the scr24x_open() function and > the scr24x_remove() function, which may eventually result in UAF. > > So, add a mutex to the scr24x_open() and scr24x_remove() functions > to avoid race contidion of krefs. > > Signed-off-by: Hyunwoo Kim > Reported-by: kernel test robot The robot did not report this original problem :( > --- > drivers/char/pcmcia/scr24x_cs.c | 73 +++++++++++++++++++++++---------- > 1 file changed, 52 insertions(+), 21 deletions(-) You failed to put below the --- line what changed from previous versions as the documentation asks for. thanks, greg k-h