Re: [PATCH] nfc: pn533: Fix null-ptr-deref in pn533_recv_frame()

From: Yuxuan-Hu
Date: Wed Apr 24 2024 - 10:01:39 EST


Hi Krzysztof,
Thanks for your reply.

On 2024/4/24 13:36, Krzysztof Kozlowski wrote:
> A bit better solution would be to NULL-ify dev->cmd at the beginning of
> pn533_send_async_complete(), because that seems logical. The complete
> callback takes ownership of dev->cmd, so why does it perform the assignment
> at the end?
>
> However, even the above code will keep the race open for a short period.
> Probably some locking would solve it, or checking for dev->cmd in a few
> places with barriers.
>
> Best regards,
> Krzysztof

I think adding a lock seems to be a better solution; however, acquiring a lock on each access to dev->cmd does not seem to be an appropriate implementation.
I wonder whether you think it is appropriate to acquire a lock at the beginning of pn533_recv_frame() and release it when pn533_wq_cmd_complete() is finished, thus ensuring that another work item will not start while one pn533_wq_cmd_complete() work item is not yet finished.

Best regards,
Yuxuan
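The hand-off Krzysztof describes, as an added userspace model that is not the pn533 driver's code: the completion path takes ownership of dev->cmd and clears it at the start under a lock, and the receive path only dereferences dev->cmd under that same lock, so a frame arriving with no pending command is dropped instead of dereferencing NULL. The struct layout, the spinlock and the *_model function names are assumptions made for this example.

```c
/* Userspace model of the dev->cmd hand-off, not the pn533 driver's code:
 * struct layout, spinlock and *_model names are assumptions for this example. */
#include <stdatomic.h>
#include <stddef.h>

struct pn533_cmd {
    int code;   /* command code a received frame must match */
    int done;   /* set once the completion path has consumed it */
};

struct pn533 {
    atomic_flag cmd_lock;     /* assumed: guards every access to cmd */
    struct pn533_cmd *cmd;    /* in-flight command, or NULL when none */
};

static void cmd_lock(struct pn533 *dev)
{   /* spin until the flag was clear (acquire pairs with the release below) */
    while (atomic_flag_test_and_set_explicit(&dev->cmd_lock, memory_order_acquire)) ;
}
static void cmd_unlock(struct pn533 *dev)
{
    atomic_flag_clear_explicit(&dev->cmd_lock, memory_order_release);
}

/* Receive side: dev->cmd is read and dereferenced only under the lock; NULL
 * means "nothing pending", so the frame is dropped. Returns 1 on a match. */
static int pn533_recv_frame_model(struct pn533 *dev, int frame_code)
{
    int matched = 0;
    cmd_lock(dev);
    if (dev->cmd)
        matched = (dev->cmd->code == frame_code);
    cmd_unlock(dev);
    return matched;
}

/* Completion side: take ownership and clear dev->cmd at the START, under the
 * lock, so a later receive path sees NULL. Returns the command taken, or NULL. */
static struct pn533_cmd *pn533_send_async_complete_model(struct pn533 *dev)
{
    struct pn533_cmd *cmd;
    cmd_lock(dev);
    cmd = dev->cmd;
    dev->cmd = NULL;
    cmd_unlock(dev);
    if (cmd)
        cmd->done = 1;   /* process the command we now exclusively own */
    return cmd;
}
```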