Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp10074375rwb; Fri, 25 Nov 2022 00:16:39 -0800 (PST) X-Google-Smtp-Source: AA0mqf784GZdlWZWU8xPWuPTjki8VeVp+Aa4WhR+oYjQjlWGt2ysr/4y/1X+Oja1Q1fZ/JPtAtRs X-Received: by 2002:a17:906:a397:b0:7ae:5381:bd02 with SMTP id k23-20020a170906a39700b007ae5381bd02mr29904638ejz.286.1669364199224; Fri, 25 Nov 2022 00:16:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669364199; cv=none; d=google.com; s=arc-20160816; b=WjJ2SAMANmHUOHAYl3sE2XgSsTqUR4PdDXm+SG5uPIX2ba8+M4fU7jgKrbd2SD0YSM 0X9m0FPUYJa6m9Gan611vrreXLfV7kNU9sdVu0ytqu8P+NA4vKoE+SyaeDe3JWV8+gRN cT+ic4GR+iKnj2QZR96uIMcRKqTq0UGdFZkWgMny4t6xAQ+EW8TCMqnbHYqPM99ZBnS1 l9yfwH4Dq5V7cTbIlGvV/HgdLaJbTCQCeiQT2RoiNtftL4R8iGv/xy8LrDM19B0fPSec PV6StwNa+ZXv9o7X1BGpW6hLWenXsUasfff1Ax6OgjAIhUVD0NnoCJbSZ59Cz2KrnNj+ dlRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=cEYTXxSTkiFApSaF1WsclVT5ag0KWqw0q49thn9wlAg=; b=Q8gj9xJuYsCQ9f7savRTfPcyfVT08NTh2N/FkSR6aFUDOTpL1zSdUdZtlXUgRQVAd0 TjC9rJrXbNEnV8mZGoBI7sfwmZ6KcyfAA6kpAJzRqqcetxLLigUvDubAGbkqnFr1Rt6O YXE21Z8+s6ZaH1HFXDkPTkRqnc/Uo0iGRelVCWi6W+pt7ybgsU3DwmL/bQYqWthJU/Ot Dh0tfqSfVSOYX/o+EU3rUQfKFZPVFW510QMc/M2Nw8yrQOmL4RhqGglh9KjU6emyEHUO jrv/BceIBjhJAqbfjmRg0qDr16wES/Ii53TJFoRd9TaWrgZRGwOaFNq4IxO/SiU+WFi3 EVbg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f11-20020a056402354b00b0046a2b7d2452si3215781edd.255.2022.11.25.00.16.17; Fri, 25 Nov 2022 00:16:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229776AbiKYHxR (ORCPT + 87 others); Fri, 25 Nov 2022 02:53:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44682 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229493AbiKYHxQ (ORCPT ); Fri, 25 Nov 2022 02:53:16 -0500 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64B2829826; Thu, 24 Nov 2022 23:53:16 -0800 (PST) Received: from canpemm500007.china.huawei.com (unknown [172.30.72.57]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4NJRt05jbgzmW9R; Fri, 25 Nov 2022 15:52:40 +0800 (CST) Received: from [10.174.179.215] (10.174.179.215) by canpemm500007.china.huawei.com (7.192.104.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 25 Nov 2022 15:53:14 +0800 Subject: Re: [PATCH net] net: hsr: Fix potential use-after-free To: Paolo Abeni , , , , CC: , References: <20221123063057.25952-1-yuehaibing@huawei.com> From: YueHaibing Message-ID: <250b2e18-13bd-b0d5-8117-112ffc42b55a@huawei.com> Date: Fri, 25 Nov 2022 15:53:13 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.179.215] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To canpemm500007.china.huawei.com (7.192.104.62) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/11/24 16:53, Paolo Abeni wrote: > Hello, > > On Wed, 2022-11-23 at 14:30 +0800, YueHaibing wrote: >> The skb is delivered to netif_rx() which may free it, after calling this, >> dereferencing skb may trigger use-after-free. >> >> Fixes: f266a683a480 ("net/hsr: Better frame dispatch") >> Signed-off-by: YueHaibing > > The code looks good, but the above is not the commit introducing the > issue, it just move the netif_rx() and later skb access from somewhere > else. > > Please go deeper in git history and find the change that originated the> issue. Ok, will dig it. > > Thanks, > > Paolo > > . >