Unverified Commit 694d2102 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!3592 CVE-2023-35827 patchset 

Merge Pull Request from: @ci-robot 
 
PR sync from: Ziyang Xuan <william.xuanziyang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/WBBYQZG7EYSEALIX6XQDMA7MKCOL3HQR/ 
CVE-2023-35827 patchset.

Yoshihiro Shimoda (2):
  ravb: Fix use-after-free issue in ravb_tx_timeout_work()
  ravb: Fix races between ravb_tx_timeout_work() and net related ops


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I7EDZ1 
 
Link:https://gitee.com/openeuler/kernel/pulls/3592

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents acc86fc9 c3a12f11

drivers/net/ethernet/renesas/ravb_main.c

+10 −0
Original line number Diff line number Diff line
@@ -1446,6 +1446,12 @@ static void ravb_tx_timeout_work(struct work_struct *work) 
						 work);

	struct net_device *ndev = priv->ndev;



	if (!rtnl_trylock()) {

		usleep_range(1000, 2000);

		schedule_work(&priv->work);

		return;

	}



	netif_tx_stop_all_queues(ndev);



	/* Stop PTP Clock driver */
@@ -1467,6 +1473,8 @@ static void ravb_tx_timeout_work(struct work_struct *work) 
		ravb_ptp_init(ndev, priv->pdev);



	netif_tx_start_all_queues(ndev);



	rtnl_unlock();

}



/* Packet transmit function for Ethernet AVB */
@@ -1683,6 +1691,8 @@ static int ravb_close(struct net_device *ndev) 
			of_phy_deregister_fixed_link(np);

	}



	cancel_work_sync(&priv->work);



	if (priv->chip_id != RCAR_GEN2) {

		free_irq(priv->tx_irqs[RAVB_NC], ndev);

		free_irq(priv->rx_irqs[RAVB_NC], ndev);