| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YxdGR/TPuNf7E0w1@lunn.ch>
Date: Tue, 6 Sep 2022 15:08:23 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Mattias Forsblad <mattias.forsblad@...il.com>
Cc: netdev@...r.kernel.org, Vivien Didelot <vivien.didelot@...il.com>,
Florian Fainelli <f.fainelli@...il.com>,
Vladimir Oltean <olteanv@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Subject: Re: [PATCH net-next v4 3/6] net: dsa: Introduce dsa tagger data
operation.
> switch (code) {
> case DSA_CODE_FRAME2REG:
> - /* Remote management is not implemented yet,
> - * drop.
> - */
> + tagger_data = ds->tagger_data;
> + if (likely(tagger_data->decode_frame2reg))
> + tagger_data->decode_frame2reg(dev, skb);
> return NULL;
> case DSA_CODE_ARP_MIRROR:
> case DSA_CODE_POLICY_MIRROR:
> @@ -323,6 +326,25 @@ static struct sk_buff *dsa_rcv_ll(struct sk_buff *skb, struct net_device *dev,
> return skb;
> }
> +static void dsa_tag_disconnect(struct dsa_switch *ds)
> +{
> + kfree(ds->tagger_data);
> + ds->tagger_data = NULL;
> +}
Probably a question for Vladimir.
Is there a potential use after free here? Is it guaranteed that the
masters dev->dsa_ptr will be cleared before the disconnect function is
called?
Also, the receive function checks for tagger_data->decode_frame2reg,
but does not check for tagger_data != NULL.
This is just a straight copy of tag_qca, so if there are issues here,
they are probably not new issues.
Andrew
Powered by blists - more mailing lists