Re: [PATCH] software node: Prevent link creation failure from causing kobj reference count imbalance
From: Andy Shevchenko
Date: Mon Apr 14 2025 - 02:20:48 EST

On Fri, Apr 11, 2025 at 08:42:02AM +0800, Lizhi Xu wrote:
> syzbot reported a uaf in software_node_notify_remove. [1]
>
> When any of the two sysfs_create_link() in software_node_notify() fails,
> the swnode->kobj reference count will not increase normally, which will
> cause swnode to be released incorrectly due to the imbalance of kobj reference
> count when executing software_node_notify_remove().
>
> Increase the reference count of kobj before creating the link to avoid uaf.
>
> [1]

Please, reduce this to ~5-7 lines only. This is how the Submitting Patches document
recommends putting backtraces in commit messages:
https://www.kernel.org/doc/html/latest/process/submitting-patches.html#backtraces-in-commit-messages

> Fixes: 9eb59204d519 ("iommufd/selftest: Add set_dev_pasid in mock iommu")
> Reported-by: syzbot+2ff22910687ee0dfd48e@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=2ff22910687ee0dfd48e
> Tested-by: syzbot+2ff22910687ee0dfd48e@xxxxxxxxxxxxxxxxxxxxxxxxx

Where is the positive result of it? I can't find the respective log.
To me this one
https://syzkaller.appspot.com/x/report.txt?x=158af070580000
doesn't sound like a useful report, as I don't know if this patch fixes one
regression and introduces another.

Dmitry?

--
With Best Regards,
Andy Shevchenko
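
Added example, not part of the original message and not kernel code: a user-space model of the reference count imbalance the quoted commit message describes, comparing the reference being taken only after link creation with it being taken first. All names (toy_kobj, notify_unpatched, notify_patched, released_early) are hypothetical, and it assumes that removal always drops one reference and that the proposed ordering keeps the reference when a link fails.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for a kobject: only the reference count is modelled. */
struct toy_kobj { int refs; bool freed; };

static void toy_get(struct toy_kobj *k) { k->refs++; }
static void toy_put(struct toy_kobj *k)
{
    if (--k->refs == 0)
        k->freed = true;        /* the release callback would run here */
}

/* Described behaviour: the reference is taken only after link creation
 * succeeded, so a link failure returns without taking it. */
static void notify_unpatched(struct toy_kobj *k, bool link_fails)
{
    if (link_fails)
        return;
    toy_get(k);
}

/* Proposed ordering: take the reference before creating the links. */
static void notify_patched(struct toy_kobj *k, bool link_fails)
{
    toy_get(k);
    (void)link_fails;           /* assumption: reference kept on failure */
}

/* Assumption from the description: removal always drops one reference. */
static void notify_remove(struct toy_kobj *k) { toy_put(k); }

/* True if the object was released while its owner still held a reference. */
bool released_early(bool patched, bool link_fails)
{
    struct toy_kobj k = { .refs = 1, .freed = false };  /* owner's reference */
    if (patched)
        notify_patched(&k, link_fails);
    else
        notify_unpatched(&k, link_fails);
    notify_remove(&k);
    return k.freed;
}

int main(void)
{
    printf("unpatched, link fails: released early = %d\n", released_early(false, true));
    printf("patched,   link fails: released early = %d\n", released_early(true, true));
    return 0;
}
```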