Re: [PATCH net] net: vlan: fix a UAF in vlan_dev_real_dev()

From: Jakub Kicinski
Date: Fri Oct 29 2021 - 09:46:17 EST

Next message: Rob Herring: "Re: linux-next: manual merge of the devicetree tree with the iommu tree"
Previous message: Zekun Shen: "Re: [PATCH] ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream"
In reply to: Jason Gunthorpe: "Re: [PATCH net] net: vlan: fix a UAF in vlan_dev_real_dev()"
Next in thread: Jason Gunthorpe: "Re: [PATCH net] net: vlan: fix a UAF in vlan_dev_real_dev()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 29 Oct 2021 09:13:24 -0300 Jason Gunthorpe wrote:
> Jakub's path would be to test vlan_dev->reg_state != NETREG_REGISTERED
> in the work queue, but that feels pretty hacky to me as the main point
> of the UNREGISTERING state is to keep the object alive enough that
> those with outstanding gets can compelte their work and release the
> get. Leaving a wrecked object in UNREGISTERING is a bad design.

That or we should investigate if we could hold the ref for real_dev all
the way until vlan_dev_free().

Next message: Rob Herring: "Re: linux-next: manual merge of the devicetree tree with the iommu tree"
Previous message: Zekun Shen: "Re: [PATCH] ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream"
In reply to: Jason Gunthorpe: "Re: [PATCH net] net: vlan: fix a UAF in vlan_dev_real_dev()"
Next in thread: Jason Gunthorpe: "Re: [PATCH net] net: vlan: fix a UAF in vlan_dev_real_dev()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]