[PATCH v4 1/2] mt76: mt7915: fix hwmon temp sensor mem use-after-free

Felix Fietkau nbd at nbd.name
Fri Aug 13 07:08:45 PDT 2021


On 2021-08-13 15:54, Ben Greear wrote:
> On 8/13/21 3:15 AM, Felix Fietkau wrote:
>> 
>> On 2021-07-31 04:17, Ryder Lee wrote:
>>> From: Ben Greear <greearb at candelatech.com>
>>>
>>> Without this change, garbage is seen in the hwmon name
>>> and sensors output for mt7915 is garbled.
>> Where does the use-after-free bug come from? It's not obvious to me why
>> using KBUILD_MODNAME instead of wiphy_name() fixes it.
>> I still think the phy name should probably be part of the prefix.
> 
> We rename phy devices as part of our normal operation, I think maybe
> that helps trigger the bug.
> 
> It appears that the hwmon logic does not make a copy of the incoming string,
> but instead just copies a char* and expects it to never go away.  But,
> I did not actually verify that.
That makes sense. It seems that thermal copies the string internally,
but hwmon does not.
How about using devm_kstrdup on the wiphy name instead of using
KBUILD_MODNAME? If you really don't want to use the initial phy name,
there's also the option of using dev_name(dev->mt76.dev)

- Felix
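
The lifetime problem discussed in this thread, as an added userspace example (not code from the patch, mt76 or hwmon): one registry entry keeps the caller's name pointer, the other duplicates it first, and the phy is then renamed. The struct and function names are hypothetical, and the free of the old name is modelled by poisoning a buffer that stays allocated (0x6b, the kernel's slab poison byte) so the stale read is well-defined here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POISON 0x6b /* byte the kernel slab poisoner writes into freed objects */

/* Constructed model: a phy whose name buffer is replaced on rename. */
struct phy { char *name; char *retired; /* old buffer: poisoned, kept allocated */ };
/* Constructed model: a hwmon-style entry and the name pointer it reports. */
struct sensor { const char *name; char *owned; /* private copy, NULL if borrowed */ };

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* Rename: allocate the new name, "free" the old one (modelled by poisoning). */
static int phy_rename(struct phy *p, const char *new_name)
{
    char *n = dup_str(new_name);
    if (!n) return -1;
    if (p->name) memset(p->name, POISON, strlen(p->name));
    free(p->retired);
    p->retired = p->name;
    p->name = n;
    return 0;
}

/* copy == 0: keep the caller's pointer, the pattern discussed in the thread.
 * copy != 0: duplicate first, the userspace analogue of devm_kstrdup(). */
static int sensor_register(struct sensor *s, const char *name, int copy)
{
    s->owned = copy ? dup_str(name) : NULL;
    s->name = copy ? s->owned : name;
    return s->name ? 0 : -1;
}

int main(void)
{
    struct phy p = { NULL, NULL };
    struct sensor borrowed, copied;
    if (phy_rename(&p, "phy0") || sensor_register(&borrowed, p.name, 0) ||
        sensor_register(&copied, p.name, 1) || phy_rename(&p, "wlan-ap0"))
        return 1;
    printf("borrowed: %s\ncopied:   %s\n", borrowed.name, copied.name);
    free(copied.owned); free(p.name); free(p.retired);
    return 0;
}
```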


