Re: [PATCH] atm: idt77252: fix use-after-free bugs caused by tst_timer

From: patchwork-bot+netdevbpf
Date: Tue Aug 09 2022 - 00:00:34 EST

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net v1 1/1] net: phy: c45 baset1: do not skip aneg configuration if clock role is not specified"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net] net: dsa: felix: fix min gate len calculation for tc when its first gate is closed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello:

This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Fri, 5 Aug 2022 15:00:08 +0800 you wrote:
> There are use-after-free bugs caused by tst_timer. The root cause
> is that there are no functions to stop tst_timer in idt77252_exit().
> One of the possible race conditions is shown below:
>
> (thread 1) | (thread 2)
> | idt77252_init_one
> | init_card
> | fill_tst
> | mod_timer(&card->tst_timer, ...)
> idt77252_exit | (wait a time)
> | tst_timer
> |
> | ...
> kfree(card) // FREE |
> | card->soft_tst[e] // USE
>
> [...]

Here is the summary with links:
- atm: idt77252: fix use-after-free bugs caused by tst_timer
https://git.kernel.org/netdev/net/c/3f4093e2bf46

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net v1 1/1] net: phy: c45 baset1: do not skip aneg configuration if clock role is not specified"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net] net: dsa: felix: fix min gate len calculation for tc when its first gate is closed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]