lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Apr 2024 22:00:49 +0800
From: Yuxuan-Hu <yuxuanhu@...a.edu.cn>
To: Krzysztof Kozlowski <krzk@...nel.org>, Yuxuan Hu <20373622@...a.edu.cn>,
 gregkh@...uxfoundation.org, johan@...nel.org, davem@...emloft.net,
 u.kleine-koenig@...gutronix.de, Jonathan.Cameron@...wei.com,
 francesco.dolcini@...adex.com, jirislaby@...nel.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 baijiaju1990@...il.com, sy2239101@...a.edu.cn
Subject: Re: [PATCH] nfc: pn533: Fix null-ptr-deref in pn533_recv_frame()

Hi Krzysztof,
Thanks for your reply.

On 2024/4/24 13:36, Krzysztof Kozlowski wrote:
> A bit better solution would be to NULL-ify dev->cmd at the beginning of
> pn533_send_async_complete(), because that seems logical. The complete
> callback takes ownership of dev->cmd, so why it performs the assignment
> at the end?
>
> However even above code will keep the race open for short period.
> Probably some locking would solve it or checking for dev->cmd in few
> places with barriers.
>
> Best regards,
> Krzysztof

I think adding a lock seems to be a better solution, however, acquire a 
lock on each access to dev->cmd does not seem to be an appropriate 
implementation.
I wonder whether you think it is appropriate to acquire a lock at the 
beginning of pn533_recv_frame(), and release it when 
pn533_wq_cmd_complete() is finished, thus ensuring that another work 
will not start when one pn533_wq_cmd_complete() work is not yet finished.

Best regards,
Yuxuan


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ