Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free()

[PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · Liu Xiang <hidden> · 2021-01-19
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · Maxime Ripard <hidden> · 2021-01-21
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · liu xiang <hidden> · 2021-01-22
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · Linus Walleij <hidden> · 2021-01-22
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · liu xiang <hidden> · 2021-01-26
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · liu xiang <hidden> · 2021-01-26
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · Linus Walleij <hidden> · 2021-01-26
Re: [PATCH] pinctrl: sunxi: fix use-after-free in sunxi_pmx_free() · Maxime Ripard <hidden> · 2021-01-26

From: liu xiang <hidden>
Date: 2021-01-22 06:16:49
Also in: lkml

Hi,

On Tue, Jan 19, 2021 at 02:29:08PM +0800, Liu Xiang wrote:
When CONFIG_REGULATOR is not set, sunxi_pmx_request() always return
success. Even a group of pins call sunxi_pmx_request(), the refcount
is only 1. This can cause a use-after-free warning in sunxi_pmx_free().
To solve this problem, go to err path if regulator_get() return NULL
or error.

Signed-off-by: Liu Xiang <redacted>

Is there any drawback to depending on CONFIG_REGULATOR?

Given that we need those regulators enabled anyway, I guess we could
just select or depends on it

Maxime


Yes, I think so. But CONFIG_REGULATOR is not enabled by default now.
So I can find this problem during startup.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help