From patchwork Fri Jun 14 07:46:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abhishek Singh Tomar X-Patchwork-Id: 1947715 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=OJlxvV5S; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=patchwork.ozlabs.org) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4W0rwJ67FJz20QH for ; Fri, 14 Jun 2024 17:47:28 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=OJlxvV5S; dkim-atps=neutral Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4W0rwH6jDJz3cY0 for ; Fri, 14 Jun 2024 17:47:27 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=OJlxvV5S; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=abhishek@linux.ibm.com; receiver=lists.ozlabs.org) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4W0rwC6PTFz3cXJ for ; Fri, 14 Jun 2024 17:47:23 +1000 (AEST) Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45E7lMMV003511; Fri, 14 Jun 2024 07:47:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from :to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=pp1; bh=U3pvoi41u2SkN ie+DxIAxaI6RVNg/Bx+kwunhNNuthg=; b=OJlxvV5Smt0QVLHRlcDD8qy0ZkZSl oPztFYfyR/sMvrRxkLzOs7JG1WbIkF2OAkDIXqiJcCTSEUc3OJnLnpQZOYouDJe5 P8gPFY4jhKmbuz3XMqv4AbSPtPl86ljdmQuBdWuRfUFogHLw1Q+mKKfNWK70Xh8J /21XkuRfero978GwmEDiu1+G+npitZUmHoPZhNXPwex5kLL/Ass2+TLyO+qsK7gk WcFsh9k57jTd8vNg3oAknFXt5dbJnBzRrn55o/zUJqYSCM6DkR70Ydi5PzssmVwd tQkdor3jkWjluVJIrr7vK60jGTOD00+jzyme0V0cuGiBLfMnCQNnUGfiQ== Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3yrh2eg4r8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 14 Jun 2024 07:47:22 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 45E6UJMj003930 for ; Fri, 14 Jun 2024 07:47:21 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3yn2mqfepn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 14 Jun 2024 07:47:21 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 45E7lFUU48693526 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 14 Jun 2024 07:47:17 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 63CB62004E; Fri, 14 Jun 2024 07:47:15 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 506C42004D; Fri, 14 Jun 2024 07:47:14 +0000 (GMT) Received: from li-22421c4c-355e-11b2-a85c-fdc6c782cba9.ibm.com.com (unknown [9.171.38.19]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 14 Jun 2024 07:47:14 +0000 (GMT) From: Abhishek Singh Tomar To: skiboot@lists.ozlabs.org Date: Fri, 14 Jun 2024 13:16:01 +0530 Message-ID: <20240614074601.21174-3-abhishek@linux.ibm.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240614074601.21174-2-abhishek@linux.ibm.com> References: <20240614074601.21174-2-abhishek@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: Dw5C1DBJK43PULtmi017asSxs8Vh1aKn X-Proofpoint-GUID: Dw5C1DBJK43PULtmi017asSxs8Vh1aKn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-13_15,2024-06-13_02,2024-05-17_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 impostorscore=0 adultscore=0 mlxlogscore=999 spamscore=0 malwarescore=0 phishscore=0 bulkscore=0 mlxscore=0 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2405170001 definitions=main-2406140050 Subject: [Skiboot] [PATCH 1/2] core/pldm: Fix dangling point issue X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Abhishek Singh Tomar , arbab@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" When calling pldm_platform_init() and the GET_PDR PLDM request fails, the 'pdrs_repo' global variable is freed but becomes a dangling pointer. Subsequent calls to pldm_platform_init will lead to an invalid read. ==28652== Invalid read of size 8 ==28652== at 0x40A4C8: pldm_pdr_destroy (pdr.c:130) ==28652== by 0x424BA3: pdr_init_complete (pldm-platform-requests.c:42) ==28652== by 0x4274DA: pldm_platform_load_pdrs (pldm-platform-requests.c:1170) ==28652== by 0x42759C: pdrs_init (pldm-platform-requests.c:1190) ==28652== by 0x427703: pldm_platform_init (pldm-platform-requests.c:1221) Signed-off-by: Abhishek Singh Tomar --- core/pldm/pldm-platform-requests.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/core/pldm/pldm-platform-requests.c b/core/pldm/pldm-platform-requests.c index cb0ff9443..21ec43a47 100644 --- a/core/pldm/pldm-platform-requests.c +++ b/core/pldm/pldm-platform-requests.c @@ -38,8 +38,10 @@ static void pdr_init_complete(bool success) if (!success) { pdr_ready = false; - if (pdrs_repo) + if (pdrs_repo) { pldm_pdr_destroy(pdrs_repo); + pdrs_repo = NULL; + } return; }