lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Sep 2022 15:08:23 +0200 From: Andrew Lunn <andrew@...n.ch> To: Mattias Forsblad <mattias.forsblad@...il.com> Cc: netdev@...r.kernel.org, Vivien Didelot <vivien.didelot@...il.com>, Florian Fainelli <f.fainelli@...il.com>, Vladimir Oltean <olteanv@...il.com>, "David S . Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Subject: Re: [PATCH net-next v4 3/6] net: dsa: Introduce dsa tagger data operation. > switch (code) { > case DSA_CODE_FRAME2REG: > - /* Remote management is not implemented yet, > - * drop. > - */ > + tagger_data = ds->tagger_data; > + if (likely(tagger_data->decode_frame2reg)) > + tagger_data->decode_frame2reg(dev, skb); > return NULL; > case DSA_CODE_ARP_MIRROR: > case DSA_CODE_POLICY_MIRROR: > @@ -323,6 +326,25 @@ static struct sk_buff *dsa_rcv_ll(struct sk_buff *skb, struct net_device *dev, > return skb; > } > +static void dsa_tag_disconnect(struct dsa_switch *ds) > +{ > + kfree(ds->tagger_data); > + ds->tagger_data = NULL; > +} Probably a question for Vladimir. Is there a potential use after free here? Is it guaranteed that the masters dev->dsa_ptr will be cleared before the disconnect function is called? Also, the receive function checks for tagger_data->decode_frame2reg, but does not check for tagger_data != NULL. This is just a straight copy of tag_qca, so if there are issues here, they are probably not new issues. Andrew
Powered by blists - more mailing lists