Message-ID: <20240911074325.55704611@kernel.org>
Date: Wed, 11 Sep 2024 07:43:25 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Lukasz Majewski <lukma@...x.de>
Cc: Jeongjun Park <aha310510@...il.com>, davem@...emloft.net,
 edumazet@...gle.com, pabeni@...hat.com, horms@...nel.org,
 ricardo@...liere.net, m-karicheri2@...com, n.zhandarovich@...tech.ru,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 syzbot+02a42d9b1bd395cbcab4@...kaller.appspotmail.com
Subject: Re: [PATCH net] net: hsr: prevent NULL pointer dereference in
 hsr_proxy_announce()

On Wed, 11 Sep 2024 10:00:07 +0200 Lukasz Majewski wrote:
> > The structs have no refcounting - should the timers be deleted with
> > _sync() inside hsr_check_announce()?  
> 
> The timers don't need to be conditionally enabled (and removed) as we
> discussed it previously (as they only do useful work when they are
> configured and almost take no resources when declared during the
> driver probe).

My concern is admittedly quite theoretical, and perhaps completely
impossible given the current RCU implementation. But what I was saying
is that the timer may be running, and interrupted by a very long running
interrupt, say on CPU 0. Then, say, we unregister and free hsr_dev on
CPU 1. When CPU 0 resumes running the timer code it will UAF on hsr_dev.
Again, probably completely theoretical.

> Anyway:
> 
> Acked-by: Lukasz Majewski <lukma@...x.de>

Thanks!
