| From foo@baz Tue 01 Oct 2019 04:06:17 PM CEST |
| From: Bjorn Andersson <bjorn.andersson@linaro.org> |
| Date: Wed, 18 Sep 2019 10:21:17 -0700 |
| Subject: net: qrtr: Stop rx_worker before freeing node |
| |
| From: Bjorn Andersson <bjorn.andersson@linaro.org> |
| |
| [ Upstream commit 73f0c11d11329a0d6d205d4312b6e5d2512af7c5 ] |
| |
| As the endpoint is unregistered there might still be work pending to |
| handle incoming messages, which will result in a use after free |
| scenario. The plan is to remove the rx_worker, but until then (and for |
| stable@) ensure that the work is stopped before the node is freed. |
| |
| Fixes: bdabad3e363d ("net: Add Qualcomm IPC router") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> |
| Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/qrtr/qrtr.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/net/qrtr/qrtr.c |
| +++ b/net/qrtr/qrtr.c |
| @@ -126,6 +126,7 @@ static void __qrtr_node_release(struct k |
| list_del(&node->item); |
| mutex_unlock(&qrtr_node_lock); |
| |
| + cancel_work_sync(&node->work); |
| skb_queue_purge(&node->rx_queue); |
| kfree(node); |
| } |
