Received: by 2002:a05:7412:b112:b0:f9:3106:f1c0 with SMTP id az18csp85768rdb; Sun, 17 Dec 2023 22:53:46 -0800 (PST) X-Google-Smtp-Source: AGHT+IEtQb8MEc4yr0O1C7CNli5+Zo0a841l9l2dN7zYP+c5hBLvbvEL3GcH7h+przGzJLi9wKmS X-Received: by 2002:a9d:7482:0:b0:6db:8bf5:23bd with SMTP id t2-20020a9d7482000000b006db8bf523bdmr889522otk.9.1702882426397; Sun, 17 Dec 2023 22:53:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702882426; cv=none; d=google.com; s=arc-20160816; b=E8A41e8mePKV67VNGVbfrtbhAYqddwdTxTaOh2IKhLnUPBhNHtuJVzG5bvz5OJfoO4 XIGNsbq25NLnDslPmDCmEKGamu8I0IkZ4eIWFhe6urCtbQZhXeQ4IfW00qrVtklKoSDS o98whSrjPWEk4e25N24zkDnBsm+O9bbN2zxWP1KGaeDaJlT13pazrpn0wmWTDWTvWgfv Scxillhinpolcvo4C4zlPhcuBFyHCChjyLIkDLek9Qp+/dabqw6rk3DIIbQrdiW5z6/E xDn3P3bVEXv4tjZadiSNVZLfmlqIYci7OqQIA4OFuOoKvSZozlIXzds1awf2iLEnQC6/ g7QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Bs0buUD+p1HNk/NRn90R1UT8MA5sx51YcgXK5YUwCbE=; fh=bIJeISBir72udLwaExSzPE28RfG6uMmrkJhxxITLmGM=; b=UQJRz2nxIejXadTairXMLaJG55C567IDQipwfPcvGl+lb9GZF2wq+5uKtj0qqJ0K0z bQHm+8fWSsRH5JABwzPRTeBbh2rMmZmGrQRmIfP4/7GZJeRk0rXuFe5tMys8XduKpRB3 9iuNS5y8OXpK5qeWVAif1dShZODXqDhk5DvgGeyziRmv11c1T3Qvp4HUMF5crUN0xHON 8XsW42fP9QoLVKarGUfAVtnXDquATAymA2v5ICPJGEKdkU90qMdYPCk5a0jrCUTbPiW/ FxkTk8L2Yn8CelTTiS4zESroHH+lryoLFcTB5negDA0MZZE4qKCxwksCHnAz6erIrxNf Gg0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KMbQgL2l; spf=pass (google.com: domain of linux-kernel+bounces-3066-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-3066-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id c17-20020a631c51000000b005b93064798bsi17041504pgm.191.2023.12.17.22.53.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 Dec 2023 22:53:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-3066-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KMbQgL2l; spf=pass (google.com: domain of linux-kernel+bounces-3066-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-3066-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 80ADDB20BF7 for ; Mon, 18 Dec 2023 06:53:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A197AD272; Mon, 18 Dec 2023 06:53:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="KMbQgL2l" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9FB0C8F1 for ; Mon, 18 Dec 2023 06:53:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12322C433C7; Mon, 18 Dec 2023 06:53:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1702882396; bh=fVHeQ3XB4kGVbvG8trcdzhlOFXJCIm6geR4rTO2sLwY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=KMbQgL2l2gO7u+z9sLtANaxVKrdt7WWhJzTo33ErQwZM0trRZnj8Eu8P6UkReAvUR cEbMcYaBqCELd14ibErazf3lEoxHWLYOgERZMu1vWv4XbYu7VSihZBlwQwKABQiE2X LFqWxeAyuZ5MO8J1Fbjn80uyVzXVs9rDEhz7kjvI= Date: Mon, 18 Dec 2023 07:53:13 +0100 From: Greg Kroah-Hartman To: Chunyan Zhang Cc: "Rafael J . Wysocki" , LKML , Jing Xia , Jing Xia , Xuewen Yan , Ke Wang , Chunyan Zhang Subject: Re: [PATCH] class: fix use-after-free in class_register() Message-ID: <2023121858-slider-trustful-44a4@gregkh> References: <20231218024403.1076134-1-chunyan.zhang@unisoc.com> <2023121830-proxy-washed-ae4d@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2023121830-proxy-washed-ae4d@gregkh> On Mon, Dec 18, 2023 at 07:52:18AM +0100, Greg Kroah-Hartman wrote: > On Mon, Dec 18, 2023 at 10:44:03AM +0800, Chunyan Zhang wrote: > > From: Jing Xia > > > > The lock_class_key is still registered and can be found in > > lock_keys_hash hlist after subsys_private is freed in error > > handler path.A task who iterate over the lock_keys_hash > > later may cause use-after-free.So fix that up and unregister > > the lock_class_key before kfree(cp). > > What task iterates over all hashes? > > And can you put ' ' after your '.'? > > And how was this found? And more importantly, how was this tested? thanks, greg k-h