scmi: Avoid a use-after-free
ClosedPublic
Actions

Authored by andrew on Mon, Jun 9, 3:47 PM.

Details

Reviewers

cristian.marussi_arm.com
emaste

Group Reviewers

arm64

Commits

rGd41a2ba73cbe: scmi: Avoid a use-after-free

Summary

Use LIST_FOREACH_SAFE to avoid a use-after-free in scmi_reqs_pool_free.
The next pointer will be invalid after the call to free meaning
LIST_FOREACH will dereference a freed struct to move to the next item.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

andrew created this revision.Mon, Jun 9, 3:47 PM

Herald added a subscriber: imp. · View Herald TranscriptMon, Jun 9, 3:47 PM

andrew requested review of this revision.Mon, Jun 9, 3:47 PM

Harbormaster completed remote builds in B64721: Diff 156714.Mon, Jun 9, 3:47 PM

LGTM with two little notes:

Commit message cut off

The next pointer will be invalid when

Also it seems we generally have unique names for the field and tvar (I spotted one existing duplicate case, in uath_txfrag_setup)

andrew edited the summary of this revision. (Show Details)Tue, Jun 10, 2:13 PM

Make the temp var unique

Harbormaster completed remote builds in B64746: Diff 156787.Tue, Jun 10, 2:14 PM

emaste accepted this revision as: emaste.Tue, Jun 10, 4:48 PM

This revision is now accepted and ready to land.Tue, Jun 10, 4:48 PM

Closed by commit rGd41a2ba73cbe: scmi: Avoid a use-after-free (authored by andrew). · Explain WhyWed, Jun 11, 9:35 AM

This revision was automatically updated to reflect the committed changes.

andrew added a commit: rGd41a2ba73cbe: scmi: Avoid a use-after-free.

Revision Contents
Changeset List

Path

Size

sys/

dev/

firmware/

arm/

scmi.c

4 lines

Diff 156827

View Options

sys/dev/firmware/arm/scmi.c

scmi: Avoid a use-after-freeClosedPublicActions