diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-01-14 09:00:49 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-01-14 09:00:49 +0100 |
| commit | 374455f081ca3aac16960d99f8b02b3580499b18 (patch) | |
| tree | e496f56abe5d6bad3cf8d9ba8161283a663f8d05 | |
| parent | 38a46bd87a55363672e53e8e4926713141d4c452 (diff) | |
| download | patches-374455f081ca3aac16960d99f8b02b3580499b18.tar.gz | |
another patch
| -rw-r--r-- | 0001-moxart-fix-potential-use-after-free-on-remove-path.patch | 40 | ||||
| -rw-r--r-- | series | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/0001-moxart-fix-potential-use-after-free-on-remove-path.patch b/0001-moxart-fix-potential-use-after-free-on-remove-path.patch new file mode 100644 index 00000000000000..40b099df459821 --- /dev/null +++ b/0001-moxart-fix-potential-use-after-free-on-remove-path.patch @@ -0,0 +1,40 @@ +From b927353f1bc0ab6887727fb34145637998141123 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Date: Fri, 14 Jan 2022 08:50:22 +0100 +Subject: [PATCH] moxart: fix potential use-after-free on remove path + +It was reported that the mmc host structure could be accessed after it +was freed in moxart_remove(), so fix this by saving the base register of +the device and using it instead of the pointer dereference. + +Reported-by: whitehat002 <hackyzh002@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/mmc/host/moxart-mmc.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/drivers/mmc/host/moxart-mmc.c ++++ b/drivers/mmc/host/moxart-mmc.c +@@ -697,6 +697,7 @@ static int moxart_remove(struct platform + { + struct mmc_host *mmc = dev_get_drvdata(&pdev->dev); + struct moxart_host *host = mmc_priv(mmc); ++ void __iomem *base = host->base; + + dev_set_drvdata(&pdev->dev, NULL); + +@@ -707,10 +708,10 @@ static int moxart_remove(struct platform + mmc_remove_host(mmc); + mmc_free_host(mmc); + +- writel(0, host->base + REG_INTERRUPT_MASK); +- writel(0, host->base + REG_POWER_CONTROL); +- writel(readl(host->base + REG_CLOCK_CONTROL) | CLK_OFF, +- host->base + REG_CLOCK_CONTROL); ++ writel(0, base + REG_INTERRUPT_MASK); ++ writel(0, base + REG_POWER_CONTROL); ++ writel(readl(base + REG_CLOCK_CONTROL) | CLK_OFF, ++ base + REG_CLOCK_CONTROL); + + return 0; + } @@ -1,4 +1,5 @@ # +0001-moxart-fix-potential-use-after-free-on-remove-path.patch 0001-paride-fix-up-build-warning-on-mips-platforms.patch 0001-Kbuild-provide-a-common-kernel-installation-script.patch 0001-driver-core-aux-test-code.patch |