[PATCH OLK-6.6] net/ncsi: Disable the ncsi work before freeing the associated structure

From: Eddie James <eajames@linux.ibm.com> mainline inclusion from mainline-v6.12-rc2 commit a0ffa68c70b367358b2672cdab6fa5bc4c40de2c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRA5 CVE: CVE-2024-49945 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic. Fixes: 2d283bdd079c ("net/ncsi: Resource management") Signed-off-by: Eddie James <eajames@linux.ibm.com> Link: https://patch.msgid.link/20240925155523.1017097-1-eajames@linux.ibm.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> Conflicts: net/ncsi/ncsi-manage.c [commit 86898fa6b8cd ("workqueue: Implement disable/enable for (delayed) work items") not merged] Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com> --- net/ncsi/ncsi-manage.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ncsi/ncsi-manage.c b/net/ncsi/ncsi-manage.c index 90c6cf6..60725e0 100644 --- a/net/ncsi/ncsi-manage.c +++ b/net/ncsi/ncsi-manage.c @@ -1949,6 +1949,8 @@ void ncsi_unregister_dev(struct ncsi_dev *nd) list_del_rcu(&ndp->node); spin_unlock_irqrestore(&ncsi_dev_lock, flags); + cancel_work_sync(&ndp->work); + kfree(ndp); } EXPORT_SYMBOL_GPL(ncsi_unregister_dev); -- 2.9.5

反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/13192 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/R... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/13192 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/R...
participants (2)
-
patchwork bot
-
Zhang Changzhong