Date: Thu, 19 Jan 2023 08:46:39 +0100
Subject: Re: [PATCH] media:cec:fix double free and uaf issue when cancel data during noblocking
To: Xinghui Li, mchehab@kernel.org
Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, Xinghui Li, loydlv
From: Hans Verkuil

On 19/01/2023 05:49, Xinghui Li wrote:
> On 2023/1/18 18:18, "Hans Verkuil" wrote:
>
>> ...while this free is called if data->blocking is true. (see the 'if (!block) return 0;'
>> further up).
> Do you mean this code?
>
>     /* All done if we don't need to block waiting for completion */
>     if (!block)
>         return 0;

Yes.

> I notice this part of the code. But I'm not sure if 'block' will be modified in other sync operations.
> So I sent this patch for the community to review.

It's not modified anywhere else.

>
>> So I have my doubts if this patch actually addresses the correct issue.
>> Do you have an actual debug trace of the UAF? Or even better, code to reproduce
>> this issue.
>
> And we found this issue by the code scanning tool developed by loydlv and filtered from 200 issues by human.
> So it could be a non-issue. If so, I hope I didn't waste too much of your time.

I'll reject this patch since I believe this to be a false report.

For future reference: if a patch is based on code scanning tools then it's good
to mention that in the commit log. I wasn't aware that 'loydlv' is such a tool.

Regards,

Hans