Tuomas Tynkkynen b835a71ef6
usbnet: smsc95xx: Fix use-after-free after removal ...
Syzbot reports an use-after-free in workqueue context:
BUG: KASAN: use-after-free in mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737
mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737
__smsc95xx_mdio_read drivers/net/usb/smsc95xx.c:217 [inline]
smsc95xx_mdio_read+0x583/0x870 drivers/net/usb/smsc95xx.c:278
check_carrier+0xd1/0x2e0 drivers/net/usb/smsc95xx.c:644
process_one_work+0x777/0xf90 kernel/workqueue.c:2274
worker_thread+0xa8f/0x1430 kernel/workqueue.c:2420
kthread+0x2df/0x300 kernel/kthread.c:255
It looks like that smsc95xx_unbind() is freeing the structures that are
still in use by the concurrently running workqueue callback. Thus switch
to using cancel_delayed_work_sync() to ensure the work callback really
is no longer active.
Reported-by: syzbot+29dc7d4ae19b703ff947@syzkaller.appspotmail.com
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi >
Signed-off-by: David S. Miller <davem@davemloft.net >
2020-06-22 16:34:31 -07:00
2020-06-14 01:57:21 +09:00
2020-06-13 13:04:36 -07:00
2020-06-15 23:08:28 -05:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-09 10:04:47 -07:00
2020-06-15 23:08:31 -05:00
2020-06-03 16:27:18 -07:00
2020-06-07 10:59:32 -07:00
2020-06-10 16:05:54 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-09 19:11:22 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-12 14:10:21 -07:00
2020-06-15 23:08:31 -05:00
2020-06-04 19:06:23 -07:00
2020-06-15 23:08:32 -05:00
2020-06-14 01:57:21 +09:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-15 23:08:31 -05:00
2020-06-15 23:08:32 -05:00
2020-06-07 10:59:32 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-03 15:00:05 -07:00
2020-06-11 15:17:57 +02:00
2020-06-15 23:08:32 -05:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-10 14:04:39 -07:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-09 19:11:22 -07:00
2020-06-14 01:57:21 +09:00
2020-06-04 11:03:45 -07:00
2020-06-02 15:29:19 -07:00
2020-06-14 01:57:21 +09:00
2020-06-10 22:43:57 -05:00
2020-06-14 01:57:21 +09:00
2020-06-15 23:08:32 -05:00
2020-06-14 01:57:21 +09:00
2020-06-16 09:32:43 +01:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-10 13:24:40 -07:00
2020-06-22 16:34:31 -07:00
2020-06-14 01:57:21 +09:00
2020-06-05 20:02:09 -04:00
2020-06-13 13:04:36 -07:00
2020-06-13 13:29:16 -07:00
2020-06-19 13:39:00 -07:00
2020-06-14 01:57:21 +09:00
2020-06-15 23:08:32 -05:00
2020-06-14 01:57:21 +09:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-11 12:53:23 -07:00
2020-06-15 23:08:32 -05:00
2020-06-07 16:13:43 -07:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-10 11:28:35 -07:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-04 19:09:28 +02:00
2020-06-15 23:08:32 -05:00
2020-06-01 13:01:44 +01:00
2020-06-08 13:01:08 -07:00
2020-06-07 10:59:32 -07:00
2020-06-08 13:01:08 -07:00
2020-06-07 16:11:23 -07:00
2020-06-18 20:27:42 -07:00
2020-06-14 01:57:21 +09:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-15 23:08:32 -05:00
2020-06-07 10:59:32 -07:00
2020-06-13 13:29:16 -07:00
2020-06-13 13:29:16 -07:00
2020-06-09 09:39:14 -07:00
2020-06-12 14:10:21 -07:00
2020-06-07 09:42:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-13 13:29:16 -07:00
2020-06-06 16:26:47 -04:00
2020-06-10 19:14:18 -07:00
2020-06-13 13:29:16 -07:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-14 01:57:21 +09:00
2020-06-15 23:08:32 -05:00
2020-06-14 01:57:21 +09:00
2020-06-13 10:05:47 -07:00
2020-06-14 01:57:21 +09:00
b835a71ef6