From: Kalle Valo <kvalo@codeaurora.org>
To: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
	Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>,
	Mikhail Karpenko <mkarpenko@quantenna.com>,
	Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Subject: Re: [PATCH 1/7] qtnfmac: fix using skb after free
Date: Thu, 14 Nov 2019 15:29:31 +0000 (UTC)
Message-ID: <20191114152931.8FEA460EB7@smtp.codeaurora.org>
In-Reply-To: <20191113110639.9226-2-sergey.matyukevich.os@quantenna.com>

Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> wrote:

> KASAN reported use-after-free error:
> 
> [  995.220767] BUG: KASAN: use-after-free in qtnf_cmd_send_with_reply+0x169/0x3e0 [qtnfmac]
> [  995.221098] Read of size 2 at addr ffff888213d1ded0 by task kworker/1:1/71
> 
> The issue in qtnf_cmd_send_with_reply impacts all the commands that do
> not need response other than return code. For such commands, consume_skb
> is used for response skb and right after that return code in response
> skb is accessed.
> 
> Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>

7 patches applied to wireless-drivers-next.git, thanks.

4a33f21cef84 qtnfmac: fix using skb after free
dd4c2260dab0 qtnfmac: fix debugfs support for multiple cards
24227a9e956a qtnfmac: fix invalid channel information output
97aef03cb71b qtnfmac: modify Rx descriptors queue setup
46d55fcec163 qtnfmac: send EAPOL frames via control path
239ce8a79778 qtnfmac: handle MIC failure event from firmware
0756e913fc02 qtnfmac: add support for getting/setting transmit power

-- 
https://patchwork.kernel.org/patch/11241691/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
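
The ordering problem described in the quoted report, as an added userspace example; it is not code from the patch or from the qtnfmac driver. struct resp_buf, resp_free() (standing in for consume_skb) and send_with_reply() are hypothetical names, and the safe ordering shown is one way to avoid the read, not necessarily the change the patch made.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a response buffer; not the driver's structures. */
struct resp_buf {
    uint16_t result;        /* return code carried in the response */
    uint8_t  payload[32];
};

static int live_bufs;       /* allocation counter, lets a test check for leaks */

static struct resp_buf *fake_reply(uint16_t result)   /* constructed response */
{
    struct resp_buf *r = calloc(1, sizeof(*r));
    if (!r)
        return NULL;
    r->result = result;
    live_bufs++;
    return r;
}

static void resp_free(struct resp_buf *r)   /* plays the role of consume_skb() */
{
    if (!r)
        return;
    memset(r, 0xA5, sizeof(*r));   /* poison so a stale read is visibly wrong */
    free(r);
    live_bufs--;
}

/*
 * Buggy order from the report, kept as a comment because it is undefined:
 *     if (!out) resp_free(r);
 *     return r->result;            // 2-byte read of freed memory
 * Safe order: copy the return code out before the buffer can be released.
 */
int send_with_reply(uint16_t fw_result, struct resp_buf **out)
{
    struct resp_buf *r = fake_reply(fw_result);
    int ret;

    if (!r)
        return -1;
    ret = r->result;        /* last access on the "return code only" path */
    if (out)
        *out = r;           /* caller wants the payload and now owns the buffer */
    else
        resp_free(r);       /* caller only wanted the return code */
    return ret;
}

int live_buffers(void) { return live_bufs; }
```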

