diff options
author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-01-17 21:59:34 -0800 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-01-17 21:59:34 -0800 |
commit | 20f6603753d7abab673b0cfb092569dc837f156d (patch) | |
tree | 0ee60bc288b80888a3bced153b936c7f39dfcaa9 /0015-ptp-free-ptp-device-pin-descriptors-properly.patch | |
parent | Updated to 5.4.12 (diff) | |
download | linux-ck-20f6603753d7abab673b0cfb092569dc837f156d.tar.xz |
Updated to 5.4.13
Diffstat (limited to '0015-ptp-free-ptp-device-pin-descriptors-properly.patch')
-rw-r--r-- | 0015-ptp-free-ptp-device-pin-descriptors-properly.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/0015-ptp-free-ptp-device-pin-descriptors-properly.patch b/0015-ptp-free-ptp-device-pin-descriptors-properly.patch new file mode 100644 index 0000000..6298fa4 --- /dev/null +++ b/0015-ptp-free-ptp-device-pin-descriptors-properly.patch @@ -0,0 +1,50 @@ +From b89e9f6a3ec61a96b5abced31813ad043bda3827 Mon Sep 17 00:00:00 2001 +From: Vladis Dronov <vdronov@redhat.com> +Date: Mon, 13 Jan 2020 14:00:09 +0100 +Subject: [PATCH 15/16] ptp: free ptp device pin descriptors properly + +There is a bug in ptp_clock_unregister(), where ptp_cleanup_pin_groups() +first frees ptp->pin_{,dev_}attr, but then posix_clock_unregister() needs +them to destroy a related sysfs device. + +These functions can not be just swapped, as posix_clock_unregister() frees +ptp which is needed in the ptp_cleanup_pin_groups(). Fix this by calling +ptp_cleanup_pin_groups() in ptp_clock_release(), right before ptp is freed. + +This makes this patch fix an UAF bug in a patch which fixes an UAF bug. + +Reported-by: Antti Laakso <antti.laakso@intel.com> +Fixes: a33121e5487b ("ptp: fix the race between the release of ptp_clock and cdev") +Link: https://lore.kernel.org/netdev/3d2bd09735dbdaf003585ca376b7c1e5b69a19bd.camel@intel.com/ +Signed-off-by: Vladis Dronov <vdronov@redhat.com> +Acked-by: Richard Cochran <richardcochran@gmail.com> +--- + drivers/ptp/ptp_clock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c +index 61fafe0374ce..b84f16bbd6f2 100644 +--- a/drivers/ptp/ptp_clock.c ++++ b/drivers/ptp/ptp_clock.c +@@ -170,6 +170,7 @@ static void ptp_clock_release(struct device *dev) + { + struct ptp_clock *ptp = container_of(dev, struct ptp_clock, dev); + ++ ptp_cleanup_pin_groups(ptp); + mutex_destroy(&ptp->tsevq_mux); + mutex_destroy(&ptp->pincfg_mux); + ida_simple_remove(&ptp_clocks_map, ptp->index); +@@ -302,9 +303,8 @@ int ptp_clock_unregister(struct ptp_clock *ptp) + if (ptp->pps_source) + pps_unregister_source(ptp->pps_source); + +- ptp_cleanup_pin_groups(ptp); +- + posix_clock_unregister(&ptp->clock); ++ + return 0; + } + EXPORT_SYMBOL(ptp_clock_unregister); +-- +2.25.0 + |