Re: [PATCH net v2] net: rose: fix UAF bug caused by rose_t0timer_expiry

From: Jakub Kicinski
Date: Wed Jul 06 2022 - 22:02:44 EST

Next message: Tian, Kevin: "RE: [PATCH v10 11/12] iommu: Per-domain I/O page fault handling"
Previous message: Stephen Rothwell: "linux-next: manual merge of the crypto tree with the arm-perf, arm64 trees"
In reply to: Duoming Zhou: "[PATCH net v2] net: rose: fix UAF bug caused by rose_t0timer_expiry"
Next in thread: duoming: "Re: [PATCH net v2] net: rose: fix UAF bug caused by rose_t0timer_expiry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 5 Jul 2022 20:56:10 +0800 Duoming Zhou wrote:
> + del_timer_sync(&rose_neigh->t0timer);

/**
* del_timer_sync - deactivate a timer and wait for the handler to finish.
[...]
* Synchronization rules: Callers must prevent restarting of the timer,
* otherwise this function is meaningless.

how is the restarting prevented? If I'm looking right
rose_t0timer_expiry() rearms the timer.

Next message: Tian, Kevin: "RE: [PATCH v10 11/12] iommu: Per-domain I/O page fault handling"
Previous message: Stephen Rothwell: "linux-next: manual merge of the crypto tree with the arm-perf, arm64 trees"
In reply to: Duoming Zhou: "[PATCH net v2] net: rose: fix UAF bug caused by rose_t0timer_expiry"
Next in thread: duoming: "Re: [PATCH net v2] net: rose: fix UAF bug caused by rose_t0timer_expiry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]