Re: Re: [PATCH] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()

From: 周多明
Date: Wed Feb 16 2022 - 21:47:57 EST

Next message: Jens Axboe: "Re: [PATCH -next] block: update io_ticks when io hang"
Previous message: Xu Yilun: "Re: [PATCH v1 2/7] fpga: dfl: check feature type before parse irq info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Thank you very much for your time and pointing out problems in my patch.
I have sent the modified patch again just now.

We use pty to simulate 6pack device, the released resource is tty_struct->tty_port
in tty layer.

The free trace is shown as below:
tty_release()->tty_release_struct()->release_tty()->tty_kref_put()->
queue_release_one_tty()->release_one_tty()->pty_cleanup()->tty_port_put(tty->port);

The use trace is shown as below:
sp_xmit_on_air()->pty_write()->tty_flip_buffer_push()->tty_schedule_flip(port);

Best wishes,
Duoming Zhou

Next message: Jens Axboe: "Re: [PATCH -next] block: update io_ticks when io hang"
Previous message: Xu Yilun: "Re: [PATCH v1 2/7] fpga: dfl: check feature type before parse irq info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]