Re: [PATCH] net/bridge/br_if.c: fix possible use-after-free in port_carrier_check()

2007-02-21 Thread Oleg Nesterov
On 02/21, Jarek Poplawski wrote: > > > On Wed, 21 Feb 2007 01:19:41 +0300 > > Oleg Nesterov <[EMAIL PROTECTED]> wrote: > > > > > + p = container_of(work, struct net_bridge_port, carrier_check.work); > > > > > > rtnl_lock(); > > > - p = dev->br_port; > > > - if (!p) > > > - goto done; >
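Review bot: in port_carrier_check(), the removed `p = dev->br_port; if (!p) goto done;` test under rtnl_lock() was the only check visible here that the port is still attached to the bridge when the delayed work finally runs. Taking p from container_of(work, struct net_bridge_port, carrier_check.work) and holding a reference keeps the memory valid, but a reference alone does not show that del_nbp() has not already detached the port. Either keep an equivalent "port already removed" test after rtnl_lock() before touching bridge state, or add a comment stating why it is no longer needed.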

Re: [PATCH] net/bridge/br_if.c: fix possible use-after-free in port_carrier_check()

2007-02-21 Thread Oleg Nesterov
On 02/20, Stephen Hemminger wrote: > > On Wed, 21 Feb 2007 01:19:41 +0300 > Oleg Nesterov <[EMAIL PROTECTED]> wrote: > > > static void release_nbp(struct kobject *kobj) > > { > > struct net_bridge_port *p > > = container_of(kobj, struct net_bridge_port, kobj); > > + > > + dev_p

Re: [PATCH] net/bridge/br_if.c: fix possible use-after-free in port_carrier_check()

2007-02-21 Thread Jarek Poplawski
On Wed, Feb 21, 2007 at 09:23:45AM +0100, Jarek Poplawski wrote: ... > I have known issues with RCU, but dare to disagree here. > It's done during call_rcu, so anything RCU friendly shouldn't > see this at the moment at all. It could be needed for those > with refcounting - then it should be checke

Re: [PATCH] net/bridge/br_if.c: fix possible use-after-free in port_carrier_check()

2007-02-21 Thread Jarek Poplawski
On Tue, Feb 20, 2007 at 04:24:34PM -0800, Stephen Hemminger wrote: > On Wed, 21 Feb 2007 01:19:41 +0300 > Oleg Nesterov <[EMAIL PROTECTED]> wrote: > > > If del_nbp()->cancel_delayed_work(carrier_check) fails, port_carrier_check() > > may run later and access an already freed container (struct > >

Re: [PATCH] net/bridge/br_if.c: fix possible use-after-free in port_carrier_check()

2007-02-20 Thread Stephen Hemminger
On Wed, 21 Feb 2007 01:19:41 +0300 Oleg Nesterov <[EMAIL PROTECTED]> wrote: > If del_nbp()->cancel_delayed_work(carrier_check) fails, port_carrier_check() > may run later and access an already freed container (struct net_bridge_port). > > With this patch, carrier_check owns a reference to "struct

[PATCH] net/bridge/br_if.c: fix possible use-after-free in port_carrier_check()

2007-02-20 Thread Oleg Nesterov
If del_nbp()->cancel_delayed_work(carrier_check) fails, port_carrier_check() may run later and access an already freed container (struct net_bridge_port). With this patch, carrier_check owns a reference to "struct net_bridge_port", not net_device, so it is always safe to access the container. port