Re: [PATCH v3 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

From: Pavel Skripkin
Date: Thu May 05 2022 - 15:09:55 EST


Hi Tetsuo,

On 5/2/22 09:10, Tetsuo Handa wrote:
> > And we can meet NULL deref even if we leave drv_priv = priv initialization
> > in its place.
>
> I didn't catch the location. As long as "htc_handle->drv_priv = priv;" is done
> before complete_all(&hif_dev->fw_done) is done, is something wrong?


I don't really remember why I said that, but it looks like I just hadn't opened the callbacks' code.

My point was that my patch does not change the logic, but only fixes 2 problems: UAF and NULL deref.
With regards,
Pavel Skripkin
