Re: [PATCH v3] usbip: vudc: Fix use after free bug in vudc_remove due to race condition

From: Zheng Hacker
Date: Thu Mar 16 2023 - 14:02:43 EST

Next message: kernel test robot: "Re: [PATCH RESEND] thermal/drivers/mediatek/lvts_thermal: Register thermal zones as hwmon sensors"
Previous message: Joel Fernandes: "Re: [PATCH 04/13] tracing: Rename kvfree_rcu() to kvfree_rcu_mightsleep()"
In reply to: Shuah Khan: "Re: [PATCH v3] usbip: vudc: Fix use after free bug in vudc_remove due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> 于2023年3月17日周五 01:57写道：
>
> On 3/16/23 11:44, Zheng Wang wrote:
> > In vudc_probe, it calls init_vudc_hw, which bound &udc->timer with v_timer.
> >
> > When it calls usbip_sockfd_store, it will call v_start_timer to start the
> > timer work.
> >
> > When we call vudc_remove to remove the driver, theremay be a sequence as
> > follows:
> >
>
> When you resend the patch as you indicated would, please add details
> on how you found this proble,m.
>

Get it, I found it by static analysis. So this might be false postive.

Best regards,
Zheng

> > Fix it by shutdown the timer work before cleanup in vudc_remove.
> >
>
> thanks,
> -- Shuah
>

Next message: kernel test robot: "Re: [PATCH RESEND] thermal/drivers/mediatek/lvts_thermal: Register thermal zones as hwmon sensors"
Previous message: Joel Fernandes: "Re: [PATCH 04/13] tracing: Rename kvfree_rcu() to kvfree_rcu_mightsleep()"
In reply to: Shuah Khan: "Re: [PATCH v3] usbip: vudc: Fix use after free bug in vudc_remove due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]