Re: [PATCH net] nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout

From: patchwork-bot+netdevbpf
Date: Mon Aug 22 2022 - 10:01:24 EST

Next message: Naresh Kamboju: "Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net 0/2] r8152: fix flow control settings"
In reply to: Duoming Zhou: "[PATCH net] nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@xxxxxxxxxxxxx>:

On Thu, 18 Aug 2022 17:06:21 +0800 you wrote:
> When the pn532 uart device is detaching, the pn532_uart_remove()
> is called. But there are no functions in pn532_uart_remove() that
> could delete the cmd_timeout timer, which will cause use-after-free
> bugs. The process is shown below:
>
> (thread 1) | (thread 2)
> | pn532_uart_send_frame
> pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...)
> ... | (wait a time)
> kfree(pn532) //FREE | pn532_cmd_timeout
> | pn532_uart_send_frame
> | pn532->... //USE
>
> [...]

Here is the summary with links:
- [net] nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
https://git.kernel.org/netdev/net/c/f1e941dbf80a

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Next message: Naresh Kamboju: "Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net 0/2] r8152: fix flow control settings"
In reply to: Duoming Zhou: "[PATCH net] nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]