From patchwork Wed Dec 28 08:40:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Manivannan Sadhasivam X-Patchwork-Id: 37130 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp1783437wrt; Wed, 28 Dec 2022 00:42:34 -0800 (PST) X-Google-Smtp-Source: AMrXdXtRMr1QQdmkgl2bYHv4kQ2vY5KIu4J3PkIHjjI/xOCRh8Deg8eR4bozN0b/f96T/y4d/FVo X-Received: by 2002:a05:6a21:78a0:b0:a3:960e:7d0a with SMTP id bf32-20020a056a2178a000b000a3960e7d0amr38477521pzc.58.1672216953915; Wed, 28 Dec 2022 00:42:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672216953; cv=none; d=google.com; s=arc-20160816; b=POzpw6ni0zSUxBk6f1UITpy4KRYjkR077cZveh5AFk4tS4MU5Jhs+ohxWmqL2/gqiw my4p0ENYbbkZobieunEFBwN3Q2kiIZ+XWoMRUC0bUi0TB+Mz2xGdDWohMz1rXdVmamQm Kc5DVbYfkL08C1BkehOVRCeJGbyfg0hlqVMFX9KKMUFNMsKPcUwyAsRUaLgBAE7Dxlye fkR9pKfAlMQMRmdmX1MvFQB9RX2a5vevaWPH1/ba+s8PWLNTTdduL6x61C2EjX60jcoS PV3ZfY2Tue+U+8fmxo9rMvWiFqAZN/anivbt5GpCxr+W3dAOpP4ffEpDEGdJP4fqRje6 e4+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=q1NrdFunM3umkB8l0ZcJbFNj2UhbwdZo1HlNf5THZjI=; b=POhCqzpbRNds46W1Qi4pKuBeIvaJnpDCekozhOkPuXafIjbIX8xWBaDK2tsMZI+O3j pkYiRJfZSNkLzateim5vpyH+sE+LZb75tph4LlhvAY0BD8px4z77cEy+OGvqXIOl0pOH v7XuNXyF2ucE5pokwG41drgrYkKvVJRAzPzPbip8OquwIJnGz/uwjbvTo8qrhgc9cDna twedoZ594RaL6jGGmPHCb6Vhgmx6NdWEA2ij2RrC7kcrAZfVY8KtbkVI2oTUiSbvNqQ3 7dltRDkKJS8UvcPduK2ZqiRcwkYrWUTje0AWuruya+xZqrucmzkfgijoomSjYrA3eOQ6 tyBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YWqrz5eG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f68-20020a636a47000000b004794d65bc1esi15689608pgc.399.2022.12.28.00.42.22; Wed, 28 Dec 2022 00:42:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YWqrz5eG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232786AbiL1Ild (ORCPT + 99 others); Wed, 28 Dec 2022 03:41:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232625AbiL1IlP (ORCPT ); Wed, 28 Dec 2022 03:41:15 -0500 Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46AF0325 for ; Wed, 28 Dec 2022 00:41:06 -0800 (PST) Received: by mail-pf1-x435.google.com with SMTP id e21so734028pfl.1 for ; Wed, 28 Dec 2022 00:41:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=q1NrdFunM3umkB8l0ZcJbFNj2UhbwdZo1HlNf5THZjI=; b=YWqrz5eGRIMsG0Ei1l5tGH6itYViuDMDjNgd0hF1Elmf6sDEYzP7h6Q0Dsz2GRvwfo 0uzKrsugC7Xg1enMvNSndm9h+svhJzCffttyCNPtG5P5obkMDMECSHXndyOQa+LF5jai I8caCiTs2IiLBTvWZdQomkKHw3UzLjkejpZdzOmm0DptQATdWVD4bIxbV2d8c60nOLYI cvfX1nSj0FtintmSBgA/JSPsPzpcOjGdtIUFX1Q3XQq88DPwcOBgIpvdbyQhCJ3FFZuR AjKKK8ffmlo6xuC8QcDy23H0S1BqiIFyJmLK4Wa5EY7fEL5gwNB0OL/IcX9Dp+nlOYQf u0bA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q1NrdFunM3umkB8l0ZcJbFNj2UhbwdZo1HlNf5THZjI=; b=YAFABRz2KJRZZyTMyenwpTvjG1baUQMJOYeT4cnzXrJ09yklnqmFSaMSg8cpgheyqu HbpOruv6fLYH/J0eavxgKQBDN0iAMs6cFnpTZ5x+xIN4IU+73dbdpWt8jJlUGZbXK5ZP DEmUlUduj9dJrjfBJ+ZifASt/F+eqtOM7oM3nHAVvCQmLksjRI9+HGdsTkeyevhh7hrn FQJkQK03wHShT3OKTy6yOFkFVqqOf+bdVYe96lwQy0dS8oT+Nj739yudL17x1kOsHP2S cPmBMdqnw14uVriqMJUjzm+YgevfydnpPVCnxJgF0i68BNP3nKq/9DpBaYygO6xhifwm Z6LQ== X-Gm-Message-State: AFqh2kpaNn+0zpSBVAU3+Nc3ZQe6abuq5sEk0QpNLQkB0n/DgMMugQjr uMG84vd3M4jdYezztSEoVgHm X-Received: by 2002:aa7:83d1:0:b0:580:d71e:a2e5 with SMTP id j17-20020aa783d1000000b00580d71ea2e5mr13909138pfn.22.1672216865946; Wed, 28 Dec 2022 00:41:05 -0800 (PST) Received: from localhost.localdomain ([117.217.178.73]) by smtp.gmail.com with ESMTPSA id d188-20020a6236c5000000b0057a9b146592sm9786286pfa.186.2022.12.28.00.40.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Dec 2022 00:41:05 -0800 (PST) From: Manivannan Sadhasivam To: andersson@kernel.org, robh+dt@kernel.org, krzysztof.kozlowski+dt@linaro.org, bp@alien8.de, tony.luck@intel.com Cc: quic_saipraka@quicinc.com, konrad.dybcio@linaro.org, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, james.morse@arm.com, mchehab@kernel.org, rric@kernel.org, linux-edac@vger.kernel.org, quic_ppareek@quicinc.com, luca.weiss@fairphone.com, ahalaney@redhat.com, steev@kali.org, Manivannan Sadhasivam , stable@vger.kernel.org Subject: [PATCH v5 03/17] EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info Date: Wed, 28 Dec 2022 14:10:14 +0530 Message-Id: <20221228084028.46528-4-manivannan.sadhasivam@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221228084028.46528-1-manivannan.sadhasivam@linaro.org> References: <20221228084028.46528-1-manivannan.sadhasivam@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1753446564839541739?= X-GMAIL-MSGID: =?utf-8?q?1753446564839541739?= The memory for "llcc_driv_data" is allocated by the LLCC driver. But when it is passed as "pvt_info" to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug. Fix this by not passing "llcc_driv_data" as pvt_info but rather reference it using the "platform_data" in the qcom_edac driver. Cc: # 4.20 Fixes: 27450653f1db ("drivers: edac: Add EDAC driver support for QCOM SoCs") Tested-by: Steev Klimaszewski # Thinkpad X13s Tested-by: Andrew Halaney # sa8540p-ride Reported-by: Steev Klimaszewski Signed-off-by: Manivannan Sadhasivam Reviewed-by: Borislav Petkov (AMD) --- drivers/edac/qcom_edac.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/edac/qcom_edac.c b/drivers/edac/qcom_edac.c index 9e77fa84e84f..3256254c3722 100644 --- a/drivers/edac/qcom_edac.c +++ b/drivers/edac/qcom_edac.c @@ -252,7 +252,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type) static int dump_syn_reg(struct edac_device_ctl_info *edev_ctl, int err_type, u32 bank) { - struct llcc_drv_data *drv = edev_ctl->pvt_info; + struct llcc_drv_data *drv = edev_ctl->dev->platform_data; int ret; ret = dump_syn_reg_values(drv, bank, err_type); @@ -289,7 +289,7 @@ static irqreturn_t llcc_ecc_irq_handler(int irq, void *edev_ctl) { struct edac_device_ctl_info *edac_dev_ctl = edev_ctl; - struct llcc_drv_data *drv = edac_dev_ctl->pvt_info; + struct llcc_drv_data *drv = edac_dev_ctl->dev->platform_data; irqreturn_t irq_rc = IRQ_NONE; u32 drp_error, trp_error, i; int ret; @@ -358,7 +358,6 @@ static int qcom_llcc_edac_probe(struct platform_device *pdev) edev_ctl->dev_name = dev_name(dev); edev_ctl->ctl_name = "llcc"; edev_ctl->panic_on_ue = LLCC_ERP_PANIC_ON_UE; - edev_ctl->pvt_info = llcc_driv_data; rc = edac_device_add_device(edev_ctl); if (rc)