linux-mainline

mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux synced 2025-10-29 01:44:43 +10:00

History

Duoming Zhou 3f4093e2bf atm: idt77252: fix use-after-free bugs caused by tst_timer There are use-after-free bugs caused by tst_timer. The root cause is that there are no functions to stop tst_timer in idt77252_exit(). One of the possible race conditions is shown below: (thread 1) \| (thread 2) \| idt77252_init_one \| init_card \| fill_tst \| mod_timer(&card->tst_timer, ...) idt77252_exit \| (wait a time) \| tst_timer \| \| ... kfree(card) // FREE \| \| card->soft_tst[e] // USE The idt77252_dev is deallocated in idt77252_exit() and used in timer handler. This patch adds del_timer_sync() in idt77252_exit() in order that the timer handler could be stopped before the idt77252_dev is deallocated. Fixes: `1da177e4c3` ("Linux-2.6.12-rc2") Signed-off-by: Duoming Zhou <duoming@zju.edu.cn> Link: https://lore.kernel.org/r/20220805070008.18007-1-duoming@zju.edu.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2022-08-08 20:51:59 -07:00
..
.gitignore
adummy.c
atmtcp.c
eni.c
eni.h
fore200e.c
fore200e.h
he.c	atm: he: Use the bitmap API to allocate bitmaps	2022-07-11 19:49:53 -07:00
he.h
idt77105.c
idt77105.h
idt77252_tables.h
idt77252.c	atm: idt77252: fix use-after-free bugs caused by tst_timer	2022-08-08 20:51:59 -07:00
idt77252.h
iphase.c	atm: iphase: Fix typo in comment	2022-06-17 20:17:18 -07:00
iphase.h
Kconfig	net: atm: remove support for ZeitNet ZN122x ATM devices	2022-04-27 12:22:56 +01:00
lanai.c
Makefile	net: atm: remove support for ZeitNet ZN122x ATM devices	2022-04-27 12:22:56 +01:00
midway.h
nicstar.c
nicstar.h
nicstarmac.c	net: remove comments that mention obsolete __SLOW_DOWN_IO	2022-04-26 17:09:24 -07:00
nicstarmac.copyright
solos-attrlist.c
solos-pci.c
suni.c
suni.h
tonga.h
zeprom.h