Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

From: Zheng Hacker
Date: Mon Mar 13 2023 - 21:07:56 EST

Next message: zhuyinbo: "Re: [PATCH v13 2/2] clk: clk-loongson2: add clock controller driver support"
Previous message: lihuisong (C): "Re: [PATCH 2/2] mailbox: pcc: Support shared interrupt for multiple subspaces"
In reply to: Zheng Hacker: "Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Next in thread: Zheng Wang: "[PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jakub Kicinski <kuba@xxxxxxxxxx> 于2023年3月14日周二 05:30写道：
>
> On Mon, 13 Mar 2023 14:54:20 +0100 Michal Swiatkowski wrote:
> > > @@ -274,12 +274,17 @@ static const struct xenbus_device_id xen_9pfs_front_ids[] = {
> > > static void xen_9pfs_front_free(struct xen_9pfs_front_priv *priv)
> > > {
> > > int i, j;
> > > + struct xen_9pfs_dataring *ring = NULL;
> > Move it before int i, j to have RCT.
> >
> > >
> > > write_lock(&xen_9pfs_lock);
> > > list_del(&priv->list);
> > > write_unlock(&xen_9pfs_lock);
> > >
> > > for (i = 0; i < priv->num_rings; i++) {
> > > + /*cancel work*/
> > It isn't needed I think, the function cancel_work_sync() tells everything
> > here.
>
> Note that 9p is more storage than networking, so this patch is likely
> to go via a different tree than us.

Sorry I got confused.

Best regards,
Zheng

Next message: zhuyinbo: "Re: [PATCH v13 2/2] clk: clk-loongson2: add clock controller driver support"
Previous message: lihuisong (C): "Re: [PATCH 2/2] mailbox: pcc: Support shared interrupt for multiple subspaces"
In reply to: Zheng Hacker: "Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Next in thread: Zheng Wang: "[PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]