[PATCH v5 0/2] firmware_loader: fix uaf in firmware_fallback_sysfs
From: Anirudh Rayabharam <hidden>
Date: 2021-07-21 19:01:13
Also in:
linux-kernel-mentees
This series fixes the use after free in firmware_fallback_sysfs reported by
syzbot at:

https://syzkaller.appspot.com/bug?extid=de271708674e2093097b

The first patch does some cleanup of the error codes and documents them
properly. The second patch goes on to actually fix the bug.

Changes in v5:
1. Split the patch into two patches as discussed here:
   https://lore.kernel.org/lkml/20210715232105.am4wsxfclj2ufjdw@garbanzo/

Changes in v4:
Documented the reasons behind the error codes returned from
fw_sysfs_wait_timeout() as suggested by Luis Chamberlain.

Changes in v3:
Modified the patch to incorporate suggestions by Luis Chamberlain in
order to fix the root cause instead of applying a "band-aid" kind of
fix.
https://lore.kernel.org/lkml/20210403013143.GV4332@42.do-not-panic.com/

Changes in v2:
1. Fixed 1 error and 1 warning (in the commit message) reported by
   checkpatch.pl. The error was regarding the format for referring to
   another commit "commit <sha> ("oneline")". The warning was for line
   longer than 75 chars.

Anirudh Rayabharam (2):
  firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
  firmware_loader: fix use-after-free in firmware_fallback_sysfs

 drivers/base/firmware_loader/fallback.c | 46 ++++++++++++++++++-------
 drivers/base/firmware_loader/firmware.h |  6 +++-
 drivers/base/firmware_loader/main.c     |  2 ++
 3 files changed, 40 insertions(+), 14 deletions(-)

--
2.26.2