proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-26 08:02:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b9a0da5b2e
mirror_ubuntu-kernels/drivers/nfc
History
Duoming Zhou f1e941dbf8 nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout 
When the pn532 uart device is detaching, the pn532_uart_remove()
is called. But there are no functions in pn532_uart_remove() that
could delete the cmd_timeout timer, which will cause use-after-free
bugs. The process is shown below:

    (thread 1)                  |        (thread 2)
                                |  pn532_uart_send_frame
pn532_uart_remove               |    mod_timer(&pn532->cmd_timeout,...)
  ...                           |    (wait a time)
  kfree(pn532) //FREE           |    pn532_cmd_timeout
                                |      pn532_uart_send_frame
                                |        pn532->... //USE

This patch adds del_timer_sync() in pn532_uart_remove() in order to
prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc()
is well synchronized, it sets nfc_dev->shutting_down to true and there
are no syscalls could restart the cmd_timeout timer.

Fixes: c656aa4c27 ("nfc: pn533: add UART phy driver")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-08-22 14:51:30 +01:00
..
fdp nfc: fdp: Merge the same judgment 2021-11-26 11:22:14 -08:00
microread nfc: microread: drop unneeded debug prints 2021-10-11 17:00:52 -07:00
nfcmrvl nfc: nfcmrvl: Fix irq_of_parse_and_map() return value 2022-06-28 21:27:53 -07:00
nxp-nci NFC: nxp-nci: add error reporting 2022-07-13 18:52:12 -07:00
pn533 nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout 2022-08-22 14:51:30 +01:00
pn544 nfc: pn544: make array rset_cmd static const 2022-01-11 21:09:03 -08:00
s3fwrn5 nfc: s3fwrn5: simplify dereferencing pointer to struct device 2021-10-11 17:00:51 -07:00
st21nfca nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION 2022-06-08 10:17:17 -07:00
st95hf spi: make remove callback a void function 2022-02-09 13:00:45 +00:00
st-nci spi: Make remove() return void 2022-02-28 10:43:07 -08:00
Kconfig nfc: Add a virtual nci device driver 2021-01-29 18:03:33 -08:00
Makefile nfc: Add a virtual nci device driver 2021-01-29 18:03:33 -08:00
mei_phy.c nfc: mei_phy: constify buffer passed to mei_nfc_send() 2021-07-29 12:28:02 +01:00
mei_phy.h nfc: constify nfc_phy_ops 2021-07-25 09:21:21 +01:00
nfcsim.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-07-31 09:14:46 -07:00
port100.c NFC: port100: fix use-after-free in port100_send_complete 2022-03-09 19:59:34 -08:00
trf7970a.c spi: make remove callback a void function 2022-02-09 13:00:45 +00:00
virtual_ncidev.c nfc: virtual_ncidev: change default device permissions 2021-11-26 11:14:31 -08:00