mirror-linux

History

Zheyu Ma 2c0c19b681 fbdev: fbmem: Fix double free of 'fb_info->pixmap.addr' savagefb and some other drivers call kfree to free 'info->pixmap.addr' even after calling unregister_framebuffer, which may cause double free. Fix this by setting 'fb_info->pixmap.addr' to NULL after kfree in unregister_framebuffer. The following log reveals it: [ 37.318872] BUG: KASAN: double-free or invalid-free in kfree+0x13e/0x290 [ 37.319369] [ 37.320803] Call Trace: [ 37.320992] dump_stack_lvl+0xa8/0xd1 [ 37.321274] print_address_description+0x87/0x3b0 [ 37.321632] ? kfree+0x13e/0x290 [ 37.321879] ? kfree+0x13e/0x290 [ 37.322126] ? kfree+0x13e/0x290 [ 37.322374] kasan_report_invalid_free+0x58/0x90 [ 37.322724] ____kasan_slab_free+0x123/0x140 [ 37.323049] __kasan_slab_free+0x11/0x20 [ 37.323347] slab_free_freelist_hook+0x81/0x150 [ 37.323689] ? savagefb_remove+0xa1/0xc0 [savagefb] [ 37.324066] kfree+0x13e/0x290 [ 37.324304] savagefb_remove+0xa1/0xc0 [savagefb] [ 37.324655] pci_device_remove+0xa9/0x250 [ 37.324959] ? pci_device_probe+0x7d0/0x7d0 [ 37.325273] device_release_driver_internal+0x4f7/0x7a0 [ 37.325666] driver_detach+0x1e8/0x2c0 [ 37.325952] bus_remove_driver+0x134/0x290 [ 37.326262] ? sysfs_remove_groups+0x97/0xb0 [ 37.326584] driver_unregister+0x77/0xa0 [ 37.326883] pci_unregister_driver+0x2c/0x1c0 [ 37.336124] [ 37.336245] Allocated by task 5465: [ 37.336507] ____kasan_kmalloc+0xb5/0xe0 [ 37.336801] __kasan_kmalloc+0x9/0x10 [ 37.337069] kmem_cache_alloc_trace+0x12b/0x220 [ 37.337405] register_framebuffer+0x3f3/0xa00 [ 37.337731] foo_register_framebuffer+0x3b/0x50 [savagefb] [ 37.338136] [ 37.338255] Freed by task 5475: [ 37.338492] kasan_set_track+0x3d/0x70 [ 37.338774] kasan_set_free_info+0x23/0x40 [ 37.339081] ____kasan_slab_free+0x10b/0x140 [ 37.339399] __kasan_slab_free+0x11/0x20 [ 37.339694] slab_free_freelist_hook+0x81/0x150 [ 37.340034] kfree+0x13e/0x290 [ 37.340267] do_unregister_framebuffer+0x21c/0x3d0 [ 37.340624] unregister_framebuffer+0x23/0x40 [ 37.340950] savagefb_remove+0x45/0xc0 [savagefb] [ 37.341302] pci_device_remove+0xa9/0x250 [ 37.341603] device_release_driver_internal+0x4f7/0x7a0 [ 37.341990] driver_detach+0x1e8/0x2c0 [ 37.342272] bus_remove_driver+0x134/0x290 [ 37.342577] driver_unregister+0x77/0xa0 [ 37.342873] pci_unregister_driver+0x2c/0x1c0 [ 37.343196] cleanup_module+0x15/0x1c [savagefb] [ 37.343543] __se_sys_delete_module+0x398/0x490 [ 37.343881] __x64_sys_delete_module+0x56/0x60 [ 37.344221] do_syscall_64+0x4d/0xc0 [ 37.344492] entry_SYSCALL_64_after_hwframe+0x44/0xae Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Link: https://patchwork.freedesktop.org/patch/msgid/1633848148-29747-1-git-send-email-zheyuma97@gmail.com		2021-10-10 09:50:32 +02:00
..
accessibility	…
acpi	Additional ACPI updates for 5.15-rc1	2021-09-10 13:29:04 -07:00
amba	…
android	…
ata	libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.	2021-09-03 08:06:02 -06:00
atm	…
auxdisplay	…
base	Merge branches 'pm-cpufreq', 'pm-sleep' and 'pm-em'	2021-09-10 20:26:08 +02:00
bcma	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
block	virtio,vdpa,vhost: features, fixes	2021-09-11 14:48:42 -07:00
bluetooth	…
bus	ARM: SoC drivers for 5.15	2021-09-01 15:25:28 -07:00
cdrom	…
char	IPMI: A couple of very minor fixes for style and rate limiting	2021-09-12 11:44:58 -07:00
clk	One patch to fix an unused variable warning in a Qualcomm clk driver.	2021-09-11 10:05:56 -07:00
clocksource	- converted Pistachio platform to use MIPS generic kernel	2021-09-03 11:11:54 -07:00
comedi	…
connector	…
counter	…
cpufreq	Merge branches 'pm-cpufreq', 'pm-sleep' and 'pm-em'	2021-09-10 20:26:08 +02:00
cpuidle	- Core Frameworks	2021-09-07 12:38:59 -07:00
crypto	pci-v5.15-changes	2021-09-07 19:13:42 -07:00
cxl	cxl for v5.15	2021-09-09 11:48:27 -07:00
dax	libnvdimm for v5.15	2021-09-09 11:39:57 -07:00
dca	…
devfreq	devfreq: use HZ macros	2021-09-08 11:50:26 -07:00
dio	…
dma	dmaengine updates for v5.15-rc1	2021-09-09 11:07:47 -07:00
dma-buf	dma-buf: use the new iterator in dma_resv_poll	2021-10-07 14:49:11 +02:00
edac	Updates to the interrupt core and driver subsystems:	2021-08-30 14:38:37 -07:00
eisa	…
extcon	…
firewire	FireWire (IEEE 1394) subsystem updates:	2021-09-11 09:47:33 -07:00
firmware	- Add the tegra3 thermal sensor and fix the compilation testing on	2021-09-11 09:20:57 -07:00
fpga	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
fsi	…
gnss	…
gpio	gpio updates for v5.15	2021-09-07 12:27:27 -07:00
gpu	Revert "drm/panel: Add support for Sharp LS060T1SX01 panel"	2021-10-09 19:15:26 +02:00
greybus	…
hid	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid	2021-09-02 14:30:46 -07:00
hsi	…
hv	hyperv-next for 5.15	2021-09-01 18:25:20 -07:00
hwmon	Merge branch 'akpm' (patches from Andrew)	2021-09-08 12:55:35 -07:00
hwspinlock	…
hwtracing	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
i2c	platform-drivers-x86 for v5.15-1	2021-09-02 13:49:39 -07:00
i3c	…
idle	…
iio	Merge branch 'akpm' (patches from Andrew)	2021-09-08 12:55:35 -07:00
infiniband	RDMA v5.15 merge window 2nd Pull Request	2021-09-09 11:14:14 -07:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2021-09-11 09:08:28 -07:00
interconnect	interconnect changes for 5.15	2021-08-24 15:33:04 +02:00
iommu	virtio,vdpa,vhost: features, fixes	2021-09-11 14:48:42 -07:00
ipack	TTY / Serial patches for 5.15-rc1	2021-09-01 09:51:16 -07:00
irqchip	Merge branch irq/qcom-pdc-nowake-cleanup into irq/irqchip-next	2021-08-23 09:50:46 +01:00
isdn	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
leds	…
macintosh	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
mailbox	mailbox: cmdq: add multi-gce clocks support for mt8195	2021-08-31 22:57:45 -05:00
mcb	…
md	libnvdimm for v5.15	2021-09-09 11:39:57 -07:00
media	Merge branch 'akpm' (patches from Andrew)	2021-09-08 12:55:35 -07:00
memory	…
memstick	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
message	…
mfd	- Core Frameworks	2021-09-07 12:38:59 -07:00
misc	Misc driver fix for 5.15-rc1	2021-09-12 11:56:00 -07:00
mmc	Merge branch 'akpm' (patches from Andrew)	2021-09-03 10:08:28 -07:00
most	…
mtd	Merge branch 'akpm' (patches from Andrew)	2021-09-08 12:55:35 -07:00
mux	…
net	pci-v5.15-changes	2021-09-07 19:13:42 -07:00
nfc	nfc: st95hf: remove unused header includes	2021-08-26 09:13:36 +01:00
ntb	Bug fixes and clean-ups for Linux v5.15	2021-09-07 13:05:02 -07:00
nubus	…
nvdimm	cxl for v5.15	2021-09-09 11:48:27 -07:00
nvme	nvme: add error handling support for add_disk()	2021-09-06 10:08:09 +02:00
nvmem	…
of	of: property: Disable fw_devlink DT support for X86	2021-09-10 11:21:49 -05:00
opp	Merge branches 'pm-pci', 'pm-sleep', 'pm-domains' and 'powercap'	2021-08-30 19:25:42 +02:00
parisc	parisc: Move pci_dev_is_behind_card_dino to where it is used	2021-09-09 12:44:31 +02:00
parport	parisc architecture updates for kernel 5.15:	2021-09-02 13:16:00 -07:00
pci	More ACPI updates for 5.15-rc1	2021-09-08 16:33:21 -07:00
pcmcia	…
perf	…
phy	Merge branch 'akpm' (patches from Andrew)	2021-09-08 12:55:35 -07:00
pinctrl	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
platform	chrome platform changes for 5.15	2021-09-08 16:43:46 -07:00
pnp	…
power	power supply and reset changes for the v5.15 series	2021-08-30 11:47:32 -07:00
powercap	powercap: Add Power Limit4 support for Alder Lake SoC	2021-08-25 20:12:16 +02:00
pps	…
ps3	…
ptp	ptp: ocp: Simplify Kconfig.	2021-08-26 12:06:42 +01:00
pwm	pwm: mtk-disp: Implement atomic API .get_state()	2021-09-02 22:27:46 +02:00
rapidio	…
ras	…
regulator	Merge remote-tracking branch 'regulator/for-5.14' into regulator-linus	2021-08-25 16:05:24 +01:00
remoteproc	…
reset	ARM: SoC drivers for 5.15	2021-09-01 15:25:28 -07:00
rpmsg	…
rtc	rtc: rx8010: select REGMAP_I2C	2021-09-09 10:18:40 +02:00
s390	2nd batch of s390 updates for 5.15 merge window	2021-09-09 12:55:12 -07:00
sbus	…
scsi	pci-v5.15-changes	2021-09-07 19:13:42 -07:00
sh	…
siox	…
slimbus	Driver core update for 5.15-rc1	2021-09-01 08:44:42 -07:00
soc	ARM: SoC drivers for 5.15	2021-09-01 15:25:28 -07:00
soundwire	sound updates for 5.15-rc1	2021-09-01 10:29:29 -07:00
spi	ARM: SoC drivers for 5.15	2021-09-01 15:25:28 -07:00
spmi	…
ssb	…
staging	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
target	SCSI misc on 20210902	2021-09-02 15:09:46 -07:00
tc	…
tee	…
thermal	- Add the tegra3 thermal sensor and fix the compilation testing on	2021-09-11 09:20:57 -07:00
thunderbolt	thunderbolt: test: split up test cases in tb_test_credit_alloc_all	2021-09-06 12:27:03 -07:00
tty	parisc architecture updates for kernel 5.15:	2021-09-02 13:16:00 -07:00
uio	…
usb	Merge drm/drm-next into drm-misc-next	2021-09-14 09:25:30 +02:00
vdpa	virtio,vdpa,vhost: features, fixes	2021-09-11 14:48:42 -07:00
vfio	VFIO update for v5.15-rc1	2021-09-02 13:41:33 -07:00
vhost	virtio,vdpa,vhost: features, fixes	2021-09-11 14:48:42 -07:00
video	fbdev: fbmem: Fix double free of 'fb_info->pixmap.addr'	2021-10-10 09:50:32 +02:00
virt	…
virtio	virtio,vdpa,vhost: features, fixes	2021-09-11 14:48:42 -07:00
visorbus	…
vlynq	…
vme	…
w1	…
watchdog	…
xen	Kbuild updates for v5.15	2021-09-03 15:33:47 -07:00
zorro	…
Kconfig	…
Makefile	…