On 13/02/2024 09:17, Pratyush Brahma wrote: > > On 2/13/2024 1:36 PM, Dmitry Baryshkov wrote: >> On Tue, 13 Feb 2024 at 08:27, Pratyush Brahma <quic_pbrahma@xxxxxxxxxxx> wrote: >>> Currently, during arm smmu probe, struct arm_smmu_device pointer >>> is allocated. The pointer is reallocated to a new struct qcom_smmu in >>> qcom_smmu_create() with devm_krealloc() which frees the smmu device >>> after copying the data into the new pointer. >>> >>> The freed pointer is then passed again in devm_of_platform_populate() >>> inside qcom_smmu_create() which causes a use-after-free issue. >>> >>> Fix the use-after-free issue by reassigning the old pointer to >>> the new pointer where the struct was copied by devm_krealloc(). >>> >>> Signed-off-by: Pratyush Brahma <quic_pbrahma@xxxxxxxxxxx> >> Missing Fixes tag. > Haven't added as the patchset in-reply-to hasn't been merged to > linux-next. Please refer my next reply. Why do you send patches for work being reviewed? Just perform the review. It looks like you deliberately want to apply bad code just to fix it a second later! Best regards, Krzysztof
