drivers/net/hamradio/6pack.c · 0b9111922b1f399aba6ed1e1b8f2079c3da1aed8 · openeuler / Kernel

hamradio: defer 6pack kfree after unregister_netdev · 0b911192

由 Lin Ma 提交于 11月 08, 2021

There is a possible race condition (use-after-free) like below

 (USE)                       |  (FREE)
  dev_queue_xmit             |
   __dev_queue_xmit          |
    __dev_xmit_skb           |
     sch_direct_xmit         | ...
      xmit_one               |
       netdev_start_xmit     | tty_ldisc_kill
        __netdev_start_xmit  |  6pack_close
         sp_xmit             |   kfree
          sp_encaps          |
                             |

According to the patch "defer ax25 kfree after unregister_netdev", this
patch reorder the kfree after the unregister_netdev to avoid the possible
UAF as the unregister_netdev() is well synchronized and won't return if
there is a running routine.
Signed-off-by: NLin Ma <linma@zju.edu.cn>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

0b911192

6pack.c 23.2 KB

openeuler / Kernel 大约 1 年 前同步成功

Replace 6pack.c

openeuler / Kernel
大约 1 年前同步成功