Re: [PATCH net] net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()

From: Jakub Kicinski
Date: Wed Sep 11 2024 - 10:43:44 EST

Next message: Oleg Nesterov: "Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS"
Previous message: Alan Stern: "Re: [PATCH] USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up"
In reply to: Simon Horman: "Re: [PATCH net] net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 11 Sep 2024 10:00:07 +0200 Lukasz Majewski wrote:
> > The structs have no refcounting - should the timers be deleted with
> > _sync() inside hsr_check_announce()?
>
> The timers don't need to be conditionally enabled (and removed) as we
> discussed it previously (as they only do useful work when they are
> configured and almost take no resources when declared during the
> driver probe).

My concern is admittedly quite theoretical, and perhaps completely
impossible given current RCU implementation. But what I was saying
is that timer may be running, and interrupted by a very long running
interrupt, say on CPU 0. Then, say, we unregister and free hsr_dev on
CPU 1. When CPU 0 resumes running the timer code it will UAF on hsr_dev.
Again, probably completely theoretical.

> Anyway:
>
> Acked-by: Lukasz Majewski <lukma@xxxxxxx>

Thanks!

Next message: Oleg Nesterov: "Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS"
Previous message: Alan Stern: "Re: [PATCH] USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up"
In reply to: Simon Horman: "Re: [PATCH net] net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]