Re: [PATCH V3] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
From: patchwork-bot+netdevbpf@kernel.org
Date: 2022-02-18 11:00:17
Also in:
linux-hams, lkml
From: patchwork-bot+netdevbpf@kernel.org
Date: 2022-02-18 11:00:17
Also in:
linux-hams, lkml
Hello: This patch was applied to netdev/net.git (master) by David S. Miller [off-list ref]: On Thu, 17 Feb 2022 09:43:03 +0800 you wrote:
When a 6pack device is detaching, the sixpack_close() will act to cleanup necessary resources. Although del_timer_sync() in sixpack_close() won't return if there is an active timer, one could use mod_timer() in sp_xmit_on_air() to wake up timer again by calling userspace syscall such as ax25_sendmsg(), ax25_connect() and ax25_ioctl(). This unexpected waked handler, sp_xmit_on_air(), realizes nothing about the undergoing cleanup and may still call pty_write() to use driver layer resources that have already been released. [...]
Here is the summary with links:
- [V3] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
https://git.kernel.org/netdev/net/c/efe4186e6a1b
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html