Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

From: Jakub Kicinski
Date: Mon Mar 13 2023 - 17:31:03 EST

Next message: Song Liu: "Re: [PATCH] md/raid10: Fix typo in comment (replacment -> replacement)"
Previous message: Nícolas F. R. A. Prado: "[PATCH 2/2] ASoC: mt8192: Move spammy messages to debug level"
In reply to: Zheng Hacker: "Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Next in thread: asmadeus: "Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 13 Mar 2023 14:54:20 +0100 Michal Swiatkowski wrote:
> > @@ -274,12 +274,17 @@ static const struct xenbus_device_id xen_9pfs_front_ids[] = {
> > static void xen_9pfs_front_free(struct xen_9pfs_front_priv *priv)
> > {
> > int i, j;
> > + struct xen_9pfs_dataring *ring = NULL;
> Move it before int i, j to have RCT.
>
> >
> > write_lock(&xen_9pfs_lock);
> > list_del(&priv->list);
> > write_unlock(&xen_9pfs_lock);
> >
> > for (i = 0; i < priv->num_rings; i++) {
> > + /*cancel work*/
> It isn't needed I think, the function cancel_work_sync() tells everything
> here.

Note that 9p is more storage than networking, so this patch is likely
to go via a different tree than us.

Next message: Song Liu: "Re: [PATCH] md/raid10: Fix typo in comment (replacment -> replacement)"
Previous message: Nícolas F. R. A. Prado: "[PATCH 2/2] ASoC: mt8192: Move spammy messages to debug level"
In reply to: Zheng Hacker: "Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Next in thread: asmadeus: "Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]