Re: [PATCH] nfc: pn533: Fix null-ptr-deref in pn533_recv_frame()
From: Yuxuan-Hu
Date: Wed Apr 24 2024 - 10:01:39 EST
Hi Krzysztof,
Thanks for your reply.
On 2024/4/24 13:36, Krzysztof Kozlowski wrote:
> A bit better solution would be to NULL-ify dev->cmd at the beginning of
> pn533_send_async_complete(), because that seems logical. The complete
> callback takes ownership of dev->cmd, so why does it perform the assignment
> at the end?
>
> However, even the above code will keep the race open for a short period.
> Probably some locking would solve it, or checking for dev->cmd in a few
> places with barriers.
>
> Best regards,
> Krzysztof
I think adding a lock seems to be a better solution; however, acquiring a
lock on each access to dev->cmd does not seem to be an appropriate
implementation.
I wonder whether you think it is appropriate to acquire a lock at the
beginning of pn533_recv_frame(), and release it when
pn533_wq_cmd_complete() is finished, thus ensuring that another work
will not start when one pn533_wq_cmd_complete() work is not yet finished.
Best regards,
Yuxuan
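As an added illustration, not the pn533 driver's code and not part of the thread, here is a user-space C model of the ordering discussed above: the completion path takes the command out of dev->cmd in one indivisible step before the callback runs, so a frame arriving with no command in flight sees NULL and is dropped rather than dereferenced. The names (pn_dev, pn_cmd, pn_send_cmd, pn_recv_frame) and the use of a C11 atomic exchange in place of a kernel lock are assumptions.

```c
/* User-space model of the dev->cmd ownership hand-off. All names are
 * hypothetical; this is not the pn533 driver's own code. */
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

struct pn_cmd {
    int (*complete_cb)(struct pn_cmd *cmd, const char *frame);
    int result;
};

struct pn_dev {
    /* Command in flight, or NULL. Atomic so that taking it is one
     * indivisible step; in kernel code a lock or xchg() plays this role. */
    _Atomic(struct pn_cmd *) cmd;
};

void pn_dev_init(struct pn_dev *dev)
{
    atomic_init(&dev->cmd, (struct pn_cmd *)NULL);
}

/* Queue a command; returns -1 (EBUSY-like) if one is already pending, so
 * two senders can never both believe they own dev->cmd. */
int pn_send_cmd(struct pn_dev *dev, struct pn_cmd *cmd)
{
    struct pn_cmd *expected = NULL;

    return atomic_compare_exchange_strong(&dev->cmd, &expected, cmd) ? 0 : -1;
}

/* Receive path. dev->cmd is cleared *before* the completion callback runs
 * (the "NULL-ify at the beginning" ordering), so a concurrent reader sees
 * NULL instead of a command that is already being completed. Returns 0 on
 * completion, -1 when the frame arrived with nothing in flight (dropped). */
int pn_recv_frame(struct pn_dev *dev, const char *frame)
{
    struct pn_cmd *cmd = atomic_exchange(&dev->cmd, (struct pn_cmd *)NULL);

    if (!cmd)
        return -1;           /* stray frame: no NULL dereference */
    cmd->result = cmd->complete_cb(cmd, frame);
    return 0;
}

/* Sample completion callback: records the frame length as the result. */
int pn_sample_complete(struct pn_cmd *cmd, const char *frame)
{
    (void)cmd;
    return (int)strlen(frame);
}
```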