Re: [PATCH v2] atm: fix use-after-free in sigd_put_skb()

Next message: Tyrel Datwyler: "Re: [PATCH v2 3/7] ibmvfc: make ibmvfc login to fabric"
Previous message: Dan Williams (nvidia): "Re: [PATCH v14 10/44] arm64: RMI: Add support for SRO"
In reply to: Weiming Shi: "Re: [PATCH v2] atm: fix use-after-free in sigd_put_skb()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jakub Kicinski

Date: Fri Jun 12 2026 - 19:11:08 EST

On Wed, 10 Jun 2026 00:21:08 +0800 Weiming Shi wrote:
> sigd_put_skb() delivers a signalling message to the daemon socket named
> by the global @sigd pointer, ending in a call to sk_data_ready(). It
> reads @sigd with no synchronisation, so it can race with a close of the
> daemon socket: sigd_close() clears @sigd and the socket is then torn
> down and freed.

Hm, we intend to only retain the portions of the ATM stack which are
still used in PPPoATM and ADSL. I don't believe the signaling stuff
is used there. I will post a patch to delete this code.
--
pw-bot: nap