Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8BA2C64ED8 for ; Thu, 23 Feb 2023 21:29:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229626AbjBWV3N (ORCPT ); Thu, 23 Feb 2023 16:29:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229584AbjBWV2t (ORCPT ); Thu, 23 Feb 2023 16:28:49 -0500 Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DCDAF48E3B; Thu, 23 Feb 2023 13:28:48 -0800 (PST) Received: by mail-qk1-x72c.google.com with SMTP id bj35so2935452qkb.8; Thu, 23 Feb 2023 13:28:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xcnV+WgofUdUnjHcn7ttpHLZ5uRJGLZF9ORsYeoBcbk=; b=Jda2qXz5ZcSOX9oiet2fZus9g6dKWs5X4QEqA03KqGYW53Sk4A4Excv/83QdbL4m+r ZKy/hqFLy8E1cLfzbiBC/WFUzSK3LkpxSXW9H819vHn1Ip+zm40gCm5lD87arSla8llT wYwh/bRPU2Om2s7tGEaEAqauoqA+lj3d69EaCBJSIrrq9bH1z7CFVBNpBP9rVO2ZdbzV Z9Jn/eE9Wker9utigtgLgdO/yAswVBSmeEc5RV1YfHN8tcepTuKeHA0Rzu5ohazBT/wT vU/DrMzMAMTU5STqakuy08k/6F2fW2VARKPIvidCqCk9JQX3V/Oaz8yLwx4WKfltBryh D4ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xcnV+WgofUdUnjHcn7ttpHLZ5uRJGLZF9ORsYeoBcbk=; b=7UJ+8DpAhUBWCh7jaX2K2h3cnK4zBa5oyDB0Bz58wKZmD+aOevAdwhRL2A3DVvDeVr 7wspmexyqhUp3se3hneA2I50BpZavu+4gFNRgrlz8toKy1KG3BQXse7m5fGrnSUWBHpc MZiwvFOrCJ69ATyT7AiSOdQrh7zh7rgNIW55crBWxClJvsaGPYVkYziMMPnoV8tCjGvP kAG12qX9hZPF03w/ZsOO6J5EQz1vnz8qkyI8+F0uVPD75uvYsUJ3yxFC9E6BTDlUhnoW b0GkIekGuz5UwFxdEz06vtA3Rimkd9TnQDKa3nyyMbOaSPUb+Tp95qrtzoLCUsyaNB+U HdSQ== X-Gm-Message-State: AO0yUKXXm5Kmwcg3O7JoDspQLxcnp4NzXwHqxISV9t4O4yOZoSQ5KL7A vOuSiMQndG5XDDphKTjgKsPm+draMPPyWIq2tkUpNbSQjpiAERGY9D4= X-Google-Smtp-Source: AK7set/Rw1eMOOQeLyIb2ALAtyWO7vjkufPbwgJNJmJCxVMFW2vQMrp2nO3n5eGrlqT/MSHDurWAQBibA4YGmQh/yGc= X-Received: by 2002:a05:620a:342:b0:73b:a6e7:adb7 with SMTP id t2-20020a05620a034200b0073ba6e7adb7mr2310982qkm.14.1677187727732; Thu, 23 Feb 2023 13:28:47 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Mikhail Gavrilov Date: Fri, 24 Feb 2023 02:28:36 +0500 Message-ID: Subject: Re: [6.3][regression] commit 2f5c3c77fc9b6a34b68b97231bfa970e1194ec28 definitely causes use-after-free To: Lorenzo Bianconi Cc: Felix Fietkau , deren.wu@mediatek.com, Linux List Kernel Mailing , Linux List Kernel Mailing Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 23, 2023 at 10:38 PM Lorenzo Bianconi wrote: > > Hi Mike, > > can you please check if the patch below fixes the issue? > > Regards, > Lorenzo > > diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c > index b88959ef38aa..5e5c7bf51174 100644 > --- a/drivers/net/wireless/mediatek/mt76/usb.c > +++ b/drivers/net/wireless/mediatek/mt76/usb.c > @@ -706,6 +706,7 @@ mt76u_free_rx_queue(struct mt76_dev *dev, struct mt76_queue *q) > q->entry[i].urb = NULL; > } > page_pool_destroy(q->page_pool); > + q->page_pool = NULL; > } > > static void mt76u_free_rx(struct mt76_dev *dev) > > Thanks, with this patch use-after-free issue gone. Tested-by: Mikhail Gavrilov -- Best Regards, Mike Gavrilov.