From: Kalle Valo <kvalo@kernel.org>
To: Arend van Spriel <arend.vanspriel@broadcom.com>
Cc: Zheng Hacker <hackerzheng666@gmail.com>,
Zheng Wang <zyytlz.wz@163.com>,
aspriel@gmail.com, franky.lin@broadcom.com,
hante.meuleman@broadcom.com, johannes.berg@intel.com,
marcan@marcan.st, linus.walleij@linaro.org,
jisoo.jang@yonsei.ac.kr, linuxlovemin@yonsei.ac.kr,
wataru.gohda@cypress.com, linux-wireless@vger.kernel.org,
brcm80211-dev-list.pdl@broadcom.com,
SHA-cyfmac-dev-list@infineon.com, linux-kernel@vger.kernel.org,
security@kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v5] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
Date: Mon, 13 Nov 2023 14:11:51 +0200
Message-ID: <874jhpvomw.fsf@kernel.org>
In-Reply-To: <fa0e7536-9b05-42fb-9fff-acd2ffad9af9@broadcom.com> (Arend van Spriel's message of "Mon, 13 Nov 2023 10:18:06 +0100")

Arend van Spriel <arend.vanspriel@broadcom.com> writes:

> On November 8, 2023 4:03:26 AM Zheng Hacker <hackerzheng666@gmail.com>
> wrote:
>
>> Arend Van Spriel <arend.vanspriel@broadcom.com> wrote on Mon, Nov 6, 2023 at 23:48:
>>>
>>> On November 6, 2023 3:44:53 PM Zheng Hacker <hackerzheng666@gmail.com> wrote:
>>>
>>>> Thanks! I didn't test it for I don't have a device. Very appreciated
>>>> if anyone could help with that.
>>>
>>> I would volunteer, but it made me dig deep and not sure if there is a
>>> problem to solve here.
>>>
>>> brcmf_cfg80211_detach() calls wl_deinit_priv() -> brcmf_abort_scanning() ->
>>> brcmf_notify_escan_complete() which does delete the timer.
>>>
>>> What am I missing here?
>>
>> Thanks for your detailed review. I did see the code and not sure if
>> brcmf_notify_escan_complete
>> would be triggered for sure. So in the first version I want to delete
>> the pending timer ahead of time.
>
> Why requesting a CVE when you are not sure? Seems a bit hasty to put
> it mildly.

TBH I don't take CVE entries seriously anymore. I don't know what has
happened there.

--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches