Re: BUG: KASAN: i2c dev use after free

From: Wolfram Sang
Date: Sun Mar 22 2020 - 12:18:19 EST

Next message: Dejin Zheng: "Re: [PATCH net-next v4 6/9] net: phy: marvell10g: use phy_read_mmd_poll_timeout() to simplify the code"
Previous message: Kees Cook: "Re: [PATCH v11 5/8] iio: adc: adi-axi-adc: add support for AXI ADC IP core"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I think patch introduced this issue d6760b14d4a1 ("i2c: dev: switch
> from register_chrdev to cdev API")
> and patch e6be18f6d62c ("i2c: dev: use after free in detach") tried to solve it.
> However, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled it delays
> the ->release callback to make sure that anything that is done in release can
> be done later than it happens in normal execution.
> The cdev structure is supposed to be freed in the remove callback or after it,
> but here it has already been freed by the put_i2c_dev().

For the record, Kevin Hao fixed it and it is now in linux-next as:
1413ef638aba ("i2c: dev: Fix the race between the release of i2c_dev and cdev")

Thanks, Kevin!

Attachment: signature.asc
Description: PGP signature

Next message: Dejin Zheng: "Re: [PATCH net-next v4 6/9] net: phy: marvell10g: use phy_read_mmd_poll_timeout() to simplify the code"
Previous message: Kees Cook: "Re: [PATCH v11 5/8] iio: adc: adi-axi-adc: add support for AXI ADC IP core"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]