From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>,
	"David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>,
	linux-nfc@lists.01.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 0/7] nfc: llcp: fix and improvements
Date: Sat, 15 Jan 2022 13:26:43 +0100	[thread overview]
Message-ID: <20220115122650.128182-1-krzysztof.kozlowski@canonical.com> (raw)

Hi,

Patch #1:
=========
Syzbot reported an easily reproducible NULL pointer dereference which I was
struggling to analyze:
https://syzkaller.appspot.com/bug?extid=7f23bcddf626e0593a39

Although the direct fix is obvious, I could not actually find the exact race
condition scenario leading to it.  The patch fixes the issue - at least under
my QEMU - however all this code looks racy, so I have a feeling I am plugging
one leak without fixing the root cause.

Therefore I would appreciate some more thoughts on the first commit.

The rest of patches:
====================
These are improvements, rebased on top of #1, although they should be independent.
They do not fix any experienced issue; they just look correct to me from the code
point of view.

Testing
=======
Under QEMU only. The NFC/LLCP code was not really tested on a device.

Best regards,
Krzysztof

Krzysztof Kozlowski (7):
  nfc: llcp: fix NULL error pointer dereference on sendmsg() after
    failed bind()
  nfc: llcp: nullify llcp_sock->dev on connect() error paths
  nfc: llcp: simplify llcp_sock_connect() error paths
  nfc: llcp: use centralized exiting of bind on errors
  nfc: llcp: use test_bit()
  nfc: llcp: protect nfc_llcp_sock_unlink() calls
  nfc: llcp: Revert "NFC: Keep socket alive until the DISC PDU is
    actually sent"

 net/nfc/llcp.h      |  1 -
 net/nfc/llcp_core.c |  9 +-------
 net/nfc/llcp_sock.c | 54 ++++++++++++++++++++++++---------------------
 3 files changed, 30 insertions(+), 34 deletions(-)

-- 
2.32.0

