From: Marc Kleine-Budde <mkl@pengutronix.de>
To: Oleksij Rempel <o.rempel@pengutronix.de>
Cc: dev.kurt@vandijck-laurijssen.be, wg@grandegger.com,
	Xiaochen Zou <xzou017@ucr.edu>,
	kernel@pengutronix.de, linux-can@vger.kernel.org,
	netdev@vger.kernel.org, David Jander <david@protonic.nl>,
	Zhang Changzhong <zhangchangzhong@huawei.com>
Subject: Re: [PATCH v1] can: j1939: j1939_session_deactivate(): clarify lifetime of session object
Date: Wed, 14 Jul 2021 21:32:05 +0200
Message-ID: <20210714193205.jsygqqnimcqarety@pengutronix.de>
In-Reply-To: <20210714111602.24021-1-o.rempel@pengutronix.de>

On 14.07.2021 13:16:02, Oleksij Rempel wrote:
> The j1939_session_deactivate() is decrementing the session ref-count and
> potentially can free() the session. This would cause a use-after-free
> situation.
> 
> However, the code calling j1939_session_deactivate() does always hold
> another reference to the session, so that it would not be free()ed in
> this code path.
> 
> This patch adds a comment to make this clear and a WARN_ON, to ensure
> that future changes will not violate this requirement. Further this
> patch avoids dereferencing the session pointer as a precaution to avoid
> use-after-free if the session is actually free()ed.
> 
> Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
> Reported-by: Xiaochen Zou <xzou017@ucr.edu>
> Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>

Added to linux-can/testing

regards,
Marc
-- 
Pengutronix e.K.                 | Marc Kleine-Budde           |
Embedded Linux                   | https://www.pengutronix.de  |
Vertretung West/Dortmund         | Phone: +49-231-2826-924     |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |
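
The lifetime rule described in the quoted commit message, as an added userspace C model that is not part of the original message and is not the kernel's j1939 code. The struct, the function names and the `lifetime_warnings` counter (standing in for WARN_ON) are hypothetical, and the model is single-threaded.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace, single-threaded model. All names here are hypothetical. */
struct session {
    int refcount;   /* references currently held */
    bool active;    /* on the active list, which owns one reference */
};

static int lifetime_warnings;   /* stands in for WARN_ON() firing */

static struct session *session_new(void)
{
    struct session *s = calloc(1, sizeof(*s));
    if (!s)
        abort();
    s->refcount = 1;            /* the creator's reference */
    return s;
}

/* Drop one reference; returns true when this call freed the object. */
static bool session_put(struct session *s)
{
    if (--s->refcount > 0)
        return false;
    free(s);
    return true;
}

static void session_activate(struct session *s)
{
    s->refcount++;              /* the active list's reference */
    s->active = true;
}

/* Drops the list's reference. The caller must hold a reference of its own. */
static bool session_deactivate(struct session *s)
{
    bool was_active = s->active;    /* read what is needed before the put */

    if (was_active) {
        if (s->refcount < 2)        /* list ref + caller ref expected */
            lifetime_warnings++;    /* rule violated: the put below frees s */
        s->active = false;
        session_put(s);             /* s may be gone after this line */
    }
    return was_active;              /* local copy: s is not touched again */
}
```

The return value comes from a local copy taken before the put, so even when the caller breaks the rule and the put frees the object, the function itself never reads freed memory.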
