RE: [PATCH 1/2] net: fec: fix use-after-free in fec_drv_remove

From: Joakim Zhang
Date: Wed Aug 04 2021 - 22:25:11 EST



> -----Original Message-----
> From: Pavel Skripkin <paskripkin@xxxxxxxxx>
> Sent: August 4, 2021 23:52
> To: davem@xxxxxxxxxxxxx; kuba@xxxxxxxxxx; Joakim Zhang
> <qiangqing.zhang@xxxxxxx>; hslester96@xxxxxxxxx; fugang.duan@xxxxxxx
> Cc: dan.carpenter@xxxxxxxxxx; netdev@xxxxxxxxxxxxxxx;
> linux-kernel@xxxxxxxxxxxxxxx; Pavel Skripkin <paskripkin@xxxxxxxxx>
> Subject: [PATCH 1/2] net: fec: fix use-after-free in fec_drv_remove
>
> Smatch says:
> drivers/net/ethernet/freescale/fec_main.c:3994 fec_drv_remove() error:
> Using fep after free_{netdev,candev}(ndev);
> drivers/net/ethernet/freescale/fec_main.c:3995 fec_drv_remove() error:
> Using fep after free_{netdev,candev}(ndev);
>
> Since the fep pointer is netdev private data, accessing it after the free_netdev()
> call can cause a use-after-free bug. Fix it by moving the free_netdev() call to the
> end of the function.
>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Fixes: a31eda65ba21 ("net: fec: fix clock count mis-match")
> Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
> ---
Thanks.

Reviewed-by: Joakim Zhang <qiangqing.zhang@xxxxxxx>

Best Regards,
Joakim Zhang
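
The ordering problem described in the quoted commit message, as an added userspace model that is not code from the patch or from the fec driver. The `model_*` functions, the `netdev_block` layout and the `clk_id` field are assumptions made for illustration, and a static block replaces the heap so the stale read returns the poison byte instead of being undefined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POISON_FREE 0x6b /* byte the kernel slab poisoner writes into freed objects */
/* Model types; the field name is hypothetical, not the driver's. One block holds the
 * netdev and its private area; it is static so the stale read below stays defined. */
struct net_device { char name[16]; };
struct fec_priv { uint32_t clk_id; };
static struct netdev_block { struct net_device dev; struct fec_priv priv; } block;

static struct net_device *model_probe(uint32_t clk_id)
{
    block = (struct netdev_block){ .priv = { .clk_id = clk_id } };
    return &block.dev;
}

/* Stand-in for netdev_priv(): the private data is part of the netdev's own block. */
static struct fec_priv *model_netdev_priv(struct net_device *ndev)
{
    return &((struct netdev_block *)ndev)->priv;
}

/* Stand-in for free_netdev(): releasing the netdev releases the private data too. */
static void model_free_netdev(struct net_device *ndev)
{
    memset((struct netdev_block *)ndev, POISON_FREE, sizeof(struct netdev_block));
}

/* Ordering Smatch flagged: fep is read after the netdev has been freed. */
static uint32_t model_remove_buggy(struct net_device *ndev)
{
    struct fec_priv *fep = model_netdev_priv(ndev);
    model_free_netdev(ndev);
    return fep->clk_id; /* stale read: yields the poison pattern */
}

/* Ordering after the fix: finish every use of fep, then free the netdev last. */
static uint32_t model_remove_fixed(struct net_device *ndev)
{
    struct fec_priv *fep = model_netdev_priv(ndev);
    uint32_t clk_id = fep->clk_id; /* last use of fep */
    model_free_netdev(ndev);
    return clk_id;
}

int main(void)
{
    printf("buggy: clk_id=0x%08x\n", (unsigned)model_remove_buggy(model_probe(42)));
    printf("fixed: clk_id=0x%08x\n", (unsigned)model_remove_fixed(model_probe(42)));
}
```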