[PATCH v2 0/2] Console/stdio use after free
Nicolas Saenz Julienne
nsaenzjulienne at suse.de
Thu Jan 28 14:12:38 CET 2021
With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles')
introduces a use after free in usb_kbd_remove():
- usbkbd's stdio device is de-registered with stdio_deregister_dev(),
the struct stdio_dev is freed.
- iomux_doenv() is called, usbkbd removed from the console list, and
console_stop() is called on the struct stdio_dev pointer that no
longer exists.
This series mitigates this by making sure the pointer is really a stdio
device prior performing the stop operation. It's not ideal, but I
couldn't figure out a nicer way to fix this.
Regards,
Nicolas
---
Changes since v1:
- Comment new function
- Add comment stating this needs a proper fix
Nicolas Saenz Julienne (2):
stdio: Introduce stdio_valid()
console: Don't start/stop console if stdio device invalid
common/console.c | 9 +++++++++
common/stdio.c | 11 +++++++++++
include/stdio_dev.h | 11 +++++++++++
3 files changed, 31 insertions(+)
--
2.30.0
More information about the U-Boot
mailing list