[PATCH 0/2] Console/stdio use after free

Simon Glass sjg at chromium.org
Wed Jan 20 20:54:04 CET 2021


Hi Pratyush,

On Wed, 20 Jan 2021 at 11:59, Pratyush Yadav <p.yadav at ti.com> wrote:
>
> On 20/01/21 07:18AM, Simon Glass wrote:
> > Hi Nicolas,
> >
> > On Wed, 20 Jan 2021 at 07:04, Nicolas Saenz Julienne
> > <nsaenzjulienne at suse.de> wrote:
> > >
> > > With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles')
> > > introduces a use after free in usb_kbd_remove():
> > >
> > > - usbkbd's stdio device is de-registered with stdio_deregister_dev(),
> > >   the struct stdio_dev is freed.
> > >
> > > - iomux_doenv() is called, usbkbd removed from the console list, and
> > >   console_stop() is called on the struct stdio_dev pointer that no
> > >   longer exists.
> > >
> > > This series mitigates this by making sure the pointer is really a stdio
> > > device prior to performing the stop operation. It's not ideal, but I
> > > couldn't figure out a nicer way to fix this.
> >
> > Your 'from' address is coming through as just your email. Could you
> > please update it to include your name as well?
>
> From shows the full name on my email client. For everybody apart from
> Nicolas it shows just the email, but for Nicolas I can see full name
> in both From and Cc.
>
> Maybe something wrong with your email client settings.

Yes, perhaps you are right. Looking at the list I also have this
problem for SkyLake Huang <SkyLake.Huang at mediatek.com>.

Regards,
Simon
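
The ordering described in the quoted cover letter (deregister frees the device, then the console update stops it), with the kind of "is this still a registered device" check it proposes, as an added example that is not code from the series or from U-Boot. The registry, the console list and every function name below are a hypothetical model.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model; every name here is hypothetical, not U-Boot's. */
struct dev { int stopped; struct dev *next; };
static struct dev *registry;    /* registered stdio devices */
static struct dev *console[2];  /* console list: borrowed pointers */
static int stops;               /* stop operations actually performed */

static struct dev *dev_register(void)
{
    struct dev *d = calloc(1, sizeof(*d));
    if (!d) abort();
    d->next = registry; registry = d;
    return d;
}

/* Unlink and free; a pointer still held in console[] now dangles. */
static void dev_deregister(struct dev *d)
{
    for (struct dev **pp = &registry; *pp; pp = &(*pp)->next)
        if (*pp == d) { *pp = d->next; free(d); return; }
}

/* Pointer-identity walk of the registry; never dereferences d. */
static bool dev_is_registered(const struct dev *d)
{
    for (const struct dev *it = registry; it; it = it->next)
        if (it == d) return true;
    return false;
}

/* Drop slot i; without the check, d->stopped would write to freed memory. */
static void console_drop(int i)
{
    struct dev *d = console[i];
    console[i] = NULL;
    if (d && dev_is_registered(d)) { d->stopped = 1; stops++; }
}

/* Same ordering as the cover letter: deregister first, then drop. */
int demo(void)
{
    struct dev *kbd = dev_register(), *ser = dev_register();
    console[0] = kbd; console[1] = ser; stops = 0;
    dev_deregister(kbd);   /* freed while console[0] still points at it */
    console_drop(0);       /* stale pointer: stop is skipped */
    console_drop(1);       /* live device: stopped normally */
    int ok = (stops == 1 && ser->stopped == 1);
    dev_deregister(ser);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```

Pointer identity cannot distinguish a freed device from a new one later allocated at the same address, so a check like this narrows the window without closing it.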

