linux-uconsole

History

Tuomas Tynkkynen 2a72aabdc4 usbnet: smsc95xx: Fix use-after-free after removal [ Upstream commit `b835a71ef6` ] Syzbot reports an use-after-free in workqueue context: BUG: KASAN: use-after-free in mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737 mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737 __smsc95xx_mdio_read drivers/net/usb/smsc95xx.c:217 [inline] smsc95xx_mdio_read+0x583/0x870 drivers/net/usb/smsc95xx.c:278 check_carrier+0xd1/0x2e0 drivers/net/usb/smsc95xx.c:644 process_one_work+0x777/0xf90 kernel/workqueue.c:2274 worker_thread+0xa8f/0x1430 kernel/workqueue.c:2420 kthread+0x2df/0x300 kernel/kthread.c:255 It looks like that smsc95xx_unbind() is freeing the structures that are still in use by the concurrently running workqueue callback. Thus switch to using cancel_delayed_work_sync() to ensure the work callback really is no longer active. Reported-by: syzbot+29dc7d4ae19b703ff947@syzkaller.appspotmail.com Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>		2020-07-09 09:37:09 +02:00
..
asix.h
asix_common.c
asix_devices.c	net: usb: asix: init MAC address buffers	2019-07-26 09:14:15 +02:00
ax88172a.c	ax88172a: fix information leak on short answers	2019-11-20 18:45:11 +01:00
ax88179_178a.c	net: usb: ax88179_178a: fix packet alignment padding	2020-06-30 23:17:04 -04:00
catc.c
cdc-phonet.c
cdc_eem.c
cdc_ether.c	r8152: support additional Microsoft Surface Ethernet Adapter variant	2020-06-03 08:19:20 +02:00
cdc_mbim.c
cdc_ncm.c	net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()	2019-11-24 08:19:10 +01:00
cdc_subset.c
ch9200.c
cx82310_eth.c	cx82310_eth: fix a memory leak bug	2019-09-10 10:33:47 +01:00
dm9601.c
gl620a.c
hso.c	hso: fix NULL-deref on tty open	2019-10-07 18:57:20 +02:00
huawei_cdc_ncm.c
int51x1.c
ipheth.c
kalmia.c	net: kalmia: fix memory leaks	2019-09-10 10:33:48 +01:00
kaweth.c
Kconfig
lan78xx.c	net: usb: lan78xx: Add .ndo_features_check	2020-01-29 16:43:17 +01:00
lan78xx.h
lg-vl600.c
Makefile
mcs7830.c
net1080.c
pegasus.c	net: usb: pegasus: fix improper read if get_registers() fail	2019-08-25 10:47:50 +02:00
pegasus.h
plusb.c
qmi_wwan.c	net: usb: qmi_wwan: add Telit LE910C1-EUX composition	2020-06-10 21:34:59 +02:00
r8152.c	r8152: support additional Microsoft Surface Ethernet Adapter variant	2020-06-03 08:19:20 +02:00
rndis_host.c
rtl8150.c
sierra_net.c
smsc75xx.c
smsc75xx.h
smsc95xx.c	usbnet: smsc95xx: Fix use-after-free after removal	2020-07-09 09:37:09 +02:00
smsc95xx.h
sr9700.c
sr9700.h
sr9800.c	net: usb: sr9800: fix uninitialized local variable	2019-11-06 13:06:26 +01:00
sr9800.h
usbnet.c	usbnet: sanity checking of packet sizes and device mtu	2019-10-05 13:09:30 +02:00
zaurus.c