[PATCH v4 1/2] mt76: mt7915: fix hwmon temp sensor mem use-after-free

Ben Greear greearb at candelatech.com
Fri Aug 13 06:54:39 PDT 2021


On 8/13/21 3:15 AM, Felix Fietkau wrote:
> 
> On 2021-07-31 04:17, Ryder Lee wrote:
>> From: Ben Greear <greearb at candelatech.com>
>>
>> Without this change, garbage is seen in the hwmon name
>> and sensors output for mt7915 is garbled.
> Where does the use-after-free bug come from? It's not obvious to me why
> using KBUILD_MODNAME instead of wiphy_name() fixes it.
> I still think the phy name should probably be part of the prefix.

We rename phy devices as part of our normal operation, I think maybe
that helps trigger the bug.

It appears that the hwmon logic does not make a copy of the incoming string,
but instead just copies a char* and expects it to never go away.  But,
I did not actually verify that.

Thanks,
Ben

> 
>> With the change:
>>
>> mt7915-pci-1400
>> Adapter: PCI adapter
>> temp1:        +49.0°C
>>
>> Fixes: d6938251bb5b (mt76: mt7915: add thermal sensor device support)
> The format is wrong (missing quotes), and the hash references a commit
> that's not in any upstream tree.
> 
> - Felix
> 


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
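
Added example, not part of the original message and not mt76 or hwmon code: a userspace C model of the lifetime problem hypothesized in the reply above, where a registered sensor keeps a borrowed name pointer and the owner of that string is then renamed. The toy pool allocator, the struct and function names, and the "mt7915" stand-in for KBUILD_MODNAME are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SLOT    32
#define NSLOTS  4
#define POISON  0x6b                /* fill byte written over released slots */
#define MODNAME "mt7915"            /* constructed stand-in for KBUILD_MODNAME */

static char pool[NSLOTS * SLOT];    /* toy allocator so stale reads stay defined */
static int live[NSLOTS];

static char *pool_strdup(const char *s)
{
    for (int i = 0; i < NSLOTS; i++) {
        if (live[i])
            continue;
        live[i] = 1;
        snprintf(&pool[i * SLOT], SLOT, "%s", s);
        return &pool[i * SLOT];
    }
    return NULL;
}

static void pool_free(char *p)
{
    live[(int)(p - pool) / SLOT] = 0;
    memset(p, POISON, SLOT - 1);    /* old text is gone, as with freed memory */
    p[SLOT - 1] = '\0';
}

struct phy { char *name; };                          /* owns the name string */
struct sensor { const char *name; char copy[SLOT]; };
enum mode { BORROW, STATIC_NAME, COPY };

/* Register a sensor, rename the phy, report whether the sensor name survived. */
static int name_survives_rename(enum mode m)
{
    struct phy phy = { pool_strdup("phy0") };
    struct sensor s = { 0 };
    const char *registered = (m == STATIC_NAME) ? MODNAME : "phy0";

    if (m == BORROW)           s.name = phy.name;    /* pointer only, no copy */
    else if (m == STATIC_NAME) s.name = MODNAME;     /* static lifetime */
    else { snprintf(s.copy, SLOT, "%s", phy.name); s.name = s.copy; }

    char *old = phy.name;                            /* rename: new buffer, old released */
    phy.name = pool_strdup("wlan-renamed");
    pool_free(old);

    int ok = strcmp(s.name, registered) == 0;
    pool_free(phy.name);
    return ok;
}
```

In this model only the borrowed pointer ends up reading poisoned bytes after the rename; the static-lifetime name and the private copy both stay intact.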


