On Wed, Dec 21, 2022 at 12:55:03AM +0100, Borislav Petkov wrote:
> On Tue, Dec 20, 2022 at 03:22:07PM +0530, Manivannan Sadhasivam wrote:
> > This is a genuine use-after-free bug that happens because the edac core frees
> > the memory assigned to "llcc_driv_data" pointer that gets passed as "pvt_info".
> >
> > Here, the LLCC driver is one creating the "qcom_llcc_edac" platform device and
> > also allocating memory for "llcc_driv_data". But since during qcom_edac driver
> > removal, we are just unregistering the driver and the platform device still
> > stays around, the edac driver is not supposed to free any memory associated
> > with the platform device.
>
> If you mean
>
> __edac_device_free_ctl_info()
>
> it is very well supposed to free it as it allocates it in
> edac_device_alloc_ctl_info().
>
> If qcom_llcc_edac_probe() simply goes and assigns something of its own
> to edev_ctl->pvt_info, then that driver gets to keep the pieces ofc.
>

Right. It is the issue of the qcom driver from the start.

Thanks,
Mani

> --
> Regards/Gruss,
>     Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette

--
மணிவண்ணன் சதாசிவம்
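The ownership mismatch discussed in this thread, as a userspace C model added here (not kernel code and not written by either poster): a core that allocates and later frees `pvt_info`, and a child driver that either overwrites that pointer with data owned by its parent or only borrows a reference to it. All struct and function names are hypothetical stand-ins, and the non-overwriting branch is one possible arrangement assumed for contrast, not a fix stated in the thread.

```c
#include <stdbool.h>
#include <stdlib.h>

struct llcc_data { int bank_count; };           /* owned by the parent driver */
struct edac_pvt  { struct llcc_data *parent; }; /* borrowed reference only */

struct ctl_info {
    void *pvt_info;   /* what the core frees on release */
    void *core_pvt;   /* model bookkeeping: the core's own allocation */
};

/* Core allocator: owns the control struct and the private area it hands out. */
static struct ctl_info *core_alloc(size_t sz_pvt)
{
    struct ctl_info *ci = calloc(1, sizeof(*ci));
    if (!ci)
        return NULL;
    ci->core_pvt = ci->pvt_info = calloc(1, sz_pvt);
    if (!ci->pvt_info) { free(ci); return NULL; }
    return ci;
}

/* Core release: frees pvt_info unconditionally.
 * Returns true if the pointer it freed was not the core's own allocation. */
static bool core_free(struct ctl_info *ci)
{
    bool foreign = ci->pvt_info != ci->core_pvt;
    if (foreign)
        free(ci->core_pvt);   /* model only: do not leak the orphaned block */
    free(ci->pvt_info);
    free(ci);
    return foreign;
}

/* Returns true if the parent's data is left dangling after child removal. */
static bool probe_then_remove(bool overwrite_pvt)
{
    struct llcc_data *drv = calloc(1, sizeof(*drv));  /* parent allocates */
    struct ctl_info *ci = core_alloc(sizeof(struct edac_pvt));
    if (!drv || !ci)
        abort();
    if (overwrite_pvt)
        ci->pvt_info = drv;                              /* pattern from the thread */
    else
        ((struct edac_pvt *)ci->pvt_info)->parent = drv; /* borrow, keep ownership */
    bool dangling = core_free(ci);                       /* child driver removed */
    if (!dangling)
        free(drv);   /* parent still owns its data and frees it exactly once */
    return dangling;
}
```

In the overwrite case the parent never learns that its allocation is gone, so any later access through its own pointer is the use-after-free; the model reports the condition instead of dereferencing the freed block.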