Re: [PATCH v2 2/6] rpmsg: glink: Fix use after free in open_ack TIMEOUT case

From: Chris Lew
Date: Tue Oct 08 2019 - 20:51:13 EST

Next message: Paul Walmsley: "Re: [PATCH v2 6/9] RISC-V: entry: Remove unneeded need_resched() loop"
Previous message: Chris Lew: "Re: [PATCH v2 1/6] rpmsg: glink: Fix reuse intents memory leak issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/4/2019 3:26 PM, Bjorn Andersson wrote:

From: Arun Kumar Neelakantam <aneela@xxxxxxxxxxxxxx>

Extra channel reference put when remote sending OPEN_ACK after timeout
causes use-after-free while handling next remote CLOSE command.

Remove extra reference put in timeout case to avoid use-after-free.

Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver")
Cc: stable@xxxxxxxxxxxxxxx
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@xxxxxxxxxx>
Signed-off-by: Arun Kumar Neelakantam <aneela@xxxxxxxxxxxxxx>
Signed-off-by: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
---

Acked-By: Chris Lew <clew@xxxxxxxxxxxxxx>

--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project

Next message: Paul Walmsley: "Re: [PATCH v2 6/9] RISC-V: entry: Remove unneeded need_resched() loop"
Previous message: Chris Lew: "Re: [PATCH v2 1/6] rpmsg: glink: Fix reuse intents memory leak issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]