Re: [PATCH v2] HID: mcp-2221: prevent UAF in delayed work

From: Jiri Kosina
Date: Mon Feb 20 2023 - 04:10:07 EST

Next message: David Laight: "RE: [RFC PATCH 2/4] tools/nolibc: add integer types and integer limit macros"
Previous message: AngeloGioacchino Del Regno: "Re: [PATCH v1 01/17] thermal/core: Add a thermal zone 'devdata' accessor"
In reply to: Benjamin Tissoires: "[PATCH v2] HID: mcp-2221: prevent UAF in delayed work"
Next in thread: Benjamin Tissoires: "Re: [PATCH v2] HID: mcp-2221: prevent UAF in delayed work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 16 Feb 2023, Benjamin Tissoires wrote:

> If the device is plugged/unplugged without giving time for mcp_init_work()
> to complete, we might kick in the devm free code path and thus have
> unavailable struct mcp_2221 while in delayed work.
>
> Canceling the delayed_work item is enough to solve the issue, because
> cancel_delayed_work_sync will prevent the work item to requeue itself.
>
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>

Acked-by: Jiri Kosina <jkosina@xxxxxxx>

Thanks Benjamin.

--
Jiri Kosina
SUSE Labs

Next message: David Laight: "RE: [RFC PATCH 2/4] tools/nolibc: add integer types and integer limit macros"
Previous message: AngeloGioacchino Del Regno: "Re: [PATCH v1 01/17] thermal/core: Add a thermal zone 'devdata' accessor"
In reply to: Benjamin Tissoires: "[PATCH v2] HID: mcp-2221: prevent UAF in delayed work"
Next in thread: Benjamin Tissoires: "Re: [PATCH v2] HID: mcp-2221: prevent UAF in delayed work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]