| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jul 2023 20:19:52 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Zheng Wang <zyytlz.wz@....com>
Cc: s.shtylyov@....ru, lee@...nel.org, linyunsheng@...wei.com,
davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
richardcochran@...il.com, p.zabel@...gutronix.de,
geert+renesas@...der.be, magnus.damm@...il.com,
yoshihiro.shimoda.uh@...esas.com, biju.das.jz@...renesas.com,
wsa+renesas@...g-engineering.com, netdev@...r.kernel.org,
linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org,
hackerzheng666@...il.com, 1395428693sheep@...il.com,
alex000young@...il.com
Subject: Re: [PATCH v4] net: ravb: Fix possible UAF bug in ravb_remove
On Tue, 25 Jul 2023 11:00:26 +0800 Zheng Wang wrote:
> diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c
> index 4d6b3b7d6abb..ce2da5101e51 100644
> --- a/drivers/net/ethernet/renesas/ravb_main.c
> +++ b/drivers/net/ethernet/renesas/ravb_main.c
> @@ -2885,6 +2885,9 @@ static int ravb_remove(struct platform_device *pdev)
> struct ravb_private *priv = netdev_priv(ndev);
> const struct ravb_hw_info *info = priv->info;
>
> + netif_carrier_off(ndev);
> + netif_tx_disable(ndev);
> + cancel_work_sync(&priv->work);
Still racy, the carrier can come back up after canceling the work.
But whatever, this is a non-issue in the first place.
The fact that ravb_tx_timeout_work doesn't take any locks seems much
more suspicious.
Powered by blists - more mailing lists