Re: [PATCH] wireless: ath10k: Fix a use after free in ath10k_htc_send_bundle

From: Kalle Valo
Date: Thu Apr 22 2021 - 09:54:38 EST

Next message: Brendan Jackman: "Re: Help with verifier failure"
Previous message: irqchip-bot for Marc Zyngier: "[irqchip: irq/irqchip-next] ARM: PXA: Kill use of irq_create_strict_mappings()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx> wrote:

> In ath10k_htc_send_bundle, the bundle_skb could be freed by
> dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later
> by bundle_skb->len.
>
> As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to
> skb_len after the bundle_skb was freed.
>
> Fixes: c8334512f3dd1 ("ath10k: add htt TX bundle for sdio")
> Signed-off-by: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>
> Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>

Patch applied to ath-next branch of ath.git, thanks.

8392df5d7e0b ath10k: Fix a use after free in ath10k_htc_send_bundle

--
https://patchwork.kernel.org/project/linux-wireless/patch/20210329120154.8963-1-lyl2019@xxxxxxxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Brendan Jackman: "Re: Help with verifier failure"
Previous message: irqchip-bot for Marc Zyngier: "[irqchip: irq/irqchip-next] ARM: PXA: Kill use of irq_create_strict_mappings()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]