Re: [PATCH 0/2] can: j1939: avoid possible use-after-free when j1939_can_rx_register fails

From: Marc Kleine-Budde
Date: Mon Jun 05 2023 - 02:38:01 EST


On 26.05.2023 20:19:08, Fedor Pchelkin wrote:
> The patch series fixes a possible racy use-after-free scenario described
> in 2/2: if j1939_can_rx_register() fails then the concurrent thread may
> have already read the invalid priv structure.
>
> The 1/2 makes j1939_netdev_lock a mutex so that access to
> j1939_can_rx_register() can be serialized without changing GFP_KERNEL to
> GFP_ATOMIC inside can_rx_register(). This seems to be safe.
>
> Note that the patch series has been tested only via Syzkaller and not with
> a real device.

Applied to linux-can + adding stable on Cc.

Thanks,
Marc

--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung Nürnberg | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |

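
The locking pattern the quoted cover letter describes, as an added userspace model that is not part of the original mail or of the kernel patch: a sleeping lock is held across the fallible registration step, so a concurrent lookup can never obtain an object that is about to be freed. All names (`priv_start`, `priv_lookup`, `rx_register`, `netdev_lock`) are hypothetical stand-ins, and a pthread mutex stands in for the kernel mutex.

```c
/* Userspace model (constructed); every name here is hypothetical, not kernel code. */
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
struct priv { int refs; };

static pthread_mutex_t netdev_lock = PTHREAD_MUTEX_INITIALIZER;
static struct priv *published;   /* what concurrent lookups can see */
static long frees;               /* counts released objects, for checking */

/* Stand-in for a registration step that may sleep and may fail. */
static int rx_register(struct priv *p, bool fail) { (void)p; return fail ? -1 : 0; }

/* Take a reference to the published object, or return NULL if there is none. */
struct priv *priv_lookup(void)
{
    pthread_mutex_lock(&netdev_lock);
    struct priv *p = published;
    if (p)
        p->refs++;
    pthread_mutex_unlock(&netdev_lock);
    return p;
}

/* Create or reuse. The lock spans the fallible step, so a failed object is never seen. */
struct priv *priv_start(bool fail_register)
{
    struct priv *p;
    pthread_mutex_lock(&netdev_lock);
    p = published;
    if (p) {                       /* already set up by an earlier caller */
        p->refs++;
        goto out;
    }
    p = calloc(1, sizeof(*p));
    if (!p)
        goto out;
    p->refs = 1;
    published = p;                 /* reachable only by lock holders so far */
    if (rx_register(p, fail_register) < 0) {
        published = NULL;          /* unpublish before any lookup can run */
        free(p);
        frees++;
        p = NULL;
    }
out:
    pthread_mutex_unlock(&netdev_lock);
    return p;
}
```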