Received: by 2002:a05:7412:b112:b0:f9:3106:f1c0 with SMTP id az18csp85421rdb; Sun, 17 Dec 2023 22:52:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IFLM/lStfJHnC/hUPneuwxPIMBXtMrokq3WkSjY2j7l92CB01cuZFeej1Dlm3PCvNECZxeS X-Received: by 2002:a17:907:7da1:b0:a1c:c641:4585 with SMTP id oz33-20020a1709077da100b00a1cc6414585mr9376643ejc.68.1702882350687; Sun, 17 Dec 2023 22:52:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702882350; cv=none; d=google.com; s=arc-20160816; b=IvsrzPcq87UhVmWYzhfJ5JBgQRYMJatbhnqYXnoq41ofpDxT+u3hbmeEBSZTheN3Te ppt+d9FggcbaqxqxZ9KLwMnOgB7kFV8aLazKh96+VlDYN8KinZZloKS0g4dvQJQJraV/ Dyur5dw5Vq/vTQVmLXvVSbCwyNcxVMrM1UfDRn9sCKcXc4Je+PeQDbHBa+BVdtfWgc32 G1fF0t2rcYdmhguqjznDJO7byOrGAigkK2bV8nBVRfgkDbfJ6X93GcrVnq51ndnYT2EL g/MULYsz8rKpRPJnvzWqIkoRGmDGUAxf4mNEA8hRki24352HVGvrw3DYXxiZmZ5HA/bB 6apw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=fGSHIpnyYSACg9zbJ/oYxI3BGS10rXS88hw2xxGWyTI=; fh=bIJeISBir72udLwaExSzPE28RfG6uMmrkJhxxITLmGM=; b=ZjsZRke7qhmFprO8MWvBEbhJ+p4HvYw/pWqY9Vrx6gQKcmYkkWGCqmsyz2PEqdJYnn qFfRsv39O0cHpty8N1eHH3tkeuZ7M8pjghayUt60S2iCWs9LyrZFckd9v400zTRBvQkG x5Sob+S0+I6+NWeMv+rZjy7qFmr636ZG3IgxitEIL/s42bSHx5PsnFjIlXx/M3hHV8jc 7EsXq4+M+LLj4cdkXwruso/aFA+m6rzy9k6HUVVtR1NAxirApJe8tJjHp9HiOWVTaAS4 VgR2p5V6drVuHjii0J6pR3dGrbN1Oay7gBn2H+8vKBSMvFYyIA4anOOzDPf2qLBGPH5o utyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Kcf71oHu; spf=pass (google.com: domain of linux-kernel+bounces-3064-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-3064-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id jt8-20020a170906ca0800b00a2318753fadsi2912945ejb.276.2023.12.17.22.52.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 Dec 2023 22:52:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-3064-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Kcf71oHu; spf=pass (google.com: domain of linux-kernel+bounces-3064-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-3064-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 3B23A1F2146E for ; Mon, 18 Dec 2023 06:52:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B71C2748E; Mon, 18 Dec 2023 06:52:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Kcf71oHu" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDB457461 for ; Mon, 18 Dec 2023 06:52:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 24BE5C433C8; Mon, 18 Dec 2023 06:52:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1702882341; bh=llh1Y16tgU5GVwSkmJ1KisMeuRqZAgd9EWfxj3tYCnE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Kcf71oHuLCTBdRo+/clmZ8oXoWXFp5SAfo7y+b/I+f+9BE36gxpz9SlxMeq5jQyzB L5RwYSj26n1ZJCyTfPm8buY844AxadGtjGVJUT5f1kfhguUFQNkQV2AqLBEr5CmnH8 tbt0SLWyH3zP+C30Ehy1NLlXMezCXbH0mWx0UZpI= Date: Mon, 18 Dec 2023 07:52:18 +0100 From: Greg Kroah-Hartman To: Chunyan Zhang Cc: "Rafael J . Wysocki" , LKML , Jing Xia , Jing Xia , Xuewen Yan , Ke Wang , Chunyan Zhang Subject: Re: [PATCH] class: fix use-after-free in class_register() Message-ID: <2023121830-proxy-washed-ae4d@gregkh> References: <20231218024403.1076134-1-chunyan.zhang@unisoc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231218024403.1076134-1-chunyan.zhang@unisoc.com> On Mon, Dec 18, 2023 at 10:44:03AM +0800, Chunyan Zhang wrote: > From: Jing Xia > > The lock_class_key is still registered and can be found in > lock_keys_hash hlist after subsys_private is freed in error > handler path.A task who iterate over the lock_keys_hash > later may cause use-after-free.So fix that up and unregister > the lock_class_key before kfree(cp). What task iterates over all hashes? And can you put ' ' after your '.'? And how was this found? > > Signed-off-by: Jing Xia > Signed-off-by: Xuewen Yan What commit id does this fix? Also note in the changelog that this only can happen if lockdep is enabled, which is not true for normal systems. thanks, greg k-h