| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1743580881.git.luying1@xiaomi.com> Date: Wed, 2 Apr 2025 16:06:28 +0800 From: Ying Lu <luying526@...il.com> To: oneukum@...e.com, andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com Cc: netdev@...r.kernel.org, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org, Ying Lu <luying1@...omi.com> Subject: [PATCH v3 0/1] usbnet:fix NPE during rx_complete From: Ying Lu <luying1@...omi.com> The patchset fix the issue caused by the following modifications: commit 04e906839a053f092ef53f4fb2d610983412b904 (usbnet: fix cyclical race on disconnect with work queue) The issue: The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic). Fix issue: adding the usbnet_going_away check in usb_submit_urb to synchronize the validation logic. Changes in v3 -use the correct "Fixes:" tag format. Changes in v2 -Use the formal name instead of an email alias. Ying Lu (1): usbnet:fix NPE during rx_complete drivers/net/usb/usbnet.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.49.0
Powered by blists - more mailing lists