lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230725201952.2f23bb3b@kernel.org>
Date:   Tue, 25 Jul 2023 20:19:52 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Zheng Wang <zyytlz.wz@....com>
Cc:     s.shtylyov@....ru, lee@...nel.org, linyunsheng@...wei.com,
        davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
        richardcochran@...il.com, p.zabel@...gutronix.de,
        geert+renesas@...der.be, magnus.damm@...il.com,
        yoshihiro.shimoda.uh@...esas.com, biju.das.jz@...renesas.com,
        wsa+renesas@...g-engineering.com, netdev@...r.kernel.org,
        linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org,
        hackerzheng666@...il.com, 1395428693sheep@...il.com,
        alex000young@...il.com
Subject: Re: [PATCH v4] net: ravb: Fix possible UAF bug in ravb_remove

On Tue, 25 Jul 2023 11:00:26 +0800 Zheng Wang wrote:
> diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c
> index 4d6b3b7d6abb..ce2da5101e51 100644
> --- a/drivers/net/ethernet/renesas/ravb_main.c
> +++ b/drivers/net/ethernet/renesas/ravb_main.c
> @@ -2885,6 +2885,9 @@ static int ravb_remove(struct platform_device *pdev)
>  	struct ravb_private *priv = netdev_priv(ndev);
>  	const struct ravb_hw_info *info = priv->info;
>  
> +	netif_carrier_off(ndev);
> +	netif_tx_disable(ndev);
> +	cancel_work_sync(&priv->work);

Still racy, the carrier can come back up after canceling the work.
But whatever, this is a non-issue in the first place.
The fact that ravb_tx_timeout_work doesn't take any locks seems much
more suspicious.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ