Re: [PATCH net] net: ethernet: fix use after free bug in ns83820_remove_one due to race condition

From: Zheng Hacker
Date: Mon Mar 13 2023 - 22:00:13 EST

Next message: Zhang, Rui: "Re: [PATCH v2 0/4] thermal: core/ACPI: Fix processor cooling device regression"
Previous message: Davidlohr Bueso: "Re: [PATCH v2 0/6] tmpfs: add the option to disable swap"
In reply to: Jakub Kicinski: "Re: [PATCH net] net: ethernet: fix use after free bug in ns83820_remove_one due to race condition"
Next in thread: Jakub Kicinski: "Re: [PATCH net] net: ethernet: fix use after free bug in ns83820_remove_one due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jakub Kicinski <kuba@xxxxxxxxxx> 于2023年3月14日周二 07:26写道：
>
> On Thu, 9 Mar 2023 17:42:31 +0800 Zheng Wang wrote:
> > + cancel_work_sync(&dev->tq_refill);
> > ns83820_disable_interrupts(dev); /* paranoia */
> >
> > unregister_netdev(ndev);
>
> Canceling the work before unregister can't work.
> Please take a closer look, the work to refill a ring should be
> canceled when the ring itself is dismantled.

Hi Jakub,

Thanks for your review! After seeing code again, I found when handling
IRQ request, it will finally call ns83820_irq->ns83820_do_isr->
ns83820_rx_kick->schedule_work to start work. So I think we should
move the code after free_irq. What do you think?

Best regards,
Zheng

Next message: Zhang, Rui: "Re: [PATCH v2 0/4] thermal: core/ACPI: Fix processor cooling device regression"
Previous message: Davidlohr Bueso: "Re: [PATCH v2 0/6] tmpfs: add the option to disable swap"
In reply to: Jakub Kicinski: "Re: [PATCH net] net: ethernet: fix use after free bug in ns83820_remove_one due to race condition"
Next in thread: Jakub Kicinski: "Re: [PATCH net] net: ethernet: fix use after free bug in ns83820_remove_one due to race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]