Message-ID: <4325be90-eeb3-2bdb-5ee5-7e567d633aa6@datenfreihafen.org>
Date: Tue, 23 Aug 2022 10:03:00 +0200
From: Stefan Schmidt <stefan@...enfreihafen.org>
To: Lin Ma <linma@....edu.cn>, michael.hennerich@...log.com, alex.aring@...il.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, linux-wpan@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v0] ieee802154/adf7242: defer destroy_workqueue call

Hello.

On 08.08.22 05:42, Lin Ma wrote:
> There is a possible race condition (use-after-free) like below
>
>   (FREE)                     |  (USE)
>   adf7242_remove             |  adf7242_channel
>    cancel_delayed_work_sync  |
>    destroy_workqueue (1)     |   adf7242_cmd_rx
>                              |    mod_delayed_work (2)
>                              |
>
> The root cause for this race is that the upper layer (ieee802154) is
> unaware of this detaching event and the function adf7242_channel can
> be called without any checks.
>
> To fix this, we can add a flag write at the beginning of adf7242_remove
> and add flag check in adf7242_channel. Or we can just defer the
> destructive operation like other commit 3e0588c291d6 ("hamradio: defer
> ax25 kfree after unregister_netdev") which let the
> ieee802154_unregister_hw() to handle the synchronization. This patch
> takes the second option.
>
> Fixes: 58e9683d1475 ("net: ieee802154: adf7242: Fix OCL calibration
> runs")
> Signed-off-by: Lin Ma <linma@....edu.cn>

This patch has been applied to the wpan tree and will be part of the next pull request to net. Thanks!

regards
Stefan Schmidt
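
A user-space model of the teardown ordering described in the quoted commit message, added here as an example; it is not code from the patch or from the kernel driver. The struct, the model_* names and the single interleaving point are assumptions made for illustration, and unregistering is assumed to stop further calls from the upper layer, as the commit message says of ieee802154_unregister_hw().

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of the driver state; not the real driver structure. */
struct model_dev {
    bool registered;    /* upper layer may still call into the driver */
    bool wq_alive;      /* stands in for the workqueue allocation */
    int  stale_uses;    /* work queued on a destroyed workqueue */
};

/* Models adf7242_channel -> adf7242_cmd_rx -> mod_delayed_work (2). */
static void model_channel(struct model_dev *d)
{
    if (!d->wq_alive)
        d->stale_uses++;    /* in the kernel this is the use-after-free */
}

/* Upper-layer entry point: reaches the driver only while registered. */
static int model_upper_set_channel(struct model_dev *d)
{
    if (!d->registered)
        return -1;
    model_channel(d);
    return 0;
}

/* Teardown with one concurrent caller arriving in the middle of remove.
 * unregister_first == false: destroy (1) runs before unregistering.
 * unregister_first == true:  destroy is deferred until after it. */
static int model_remove(bool unregister_first)
{
    struct model_dev d = { .registered = true, .wq_alive = true };

    if (unregister_first)
        d.registered = false;   /* models ieee802154_unregister_hw() */
    else
        d.wq_alive = false;     /* models destroy_workqueue() */

    model_upper_set_channel(&d);    /* constructed interleaving point */

    d.registered = false;           /* remaining teardown steps */
    d.wq_alive = false;
    return d.stale_uses;
}

int main(void)
{
    printf("destroy first:    %d stale use(s)\n", model_remove(false));
    printf("unregister first: %d stale use(s)\n", model_remove(true));
    return 0;
}
```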