MIME-Version: 1.0
References: <20230310105734.1574078-1-zyytlz.wz@163.com> <20230313170046.287bae8d@kernel.org>
In-Reply-To: <20230313170046.287bae8d@kernel.org>
From:   Zheng Hacker <hackerzheng666@gmail.com>
Date:   Tue, 14 Mar 2023 10:11:42 +0800
Message-ID: <CAJedcCzaQZfyNzx0tE40k4sK=wmC3hdQ07cUNXwk8nukMYdw2Q@mail.gmail.com>
Subject: Re: [PATCH net] net: qcom/emac: Fix use after free bug in emac_remove
 due to race condition
To:     Jakub Kicinski <kuba@kernel.org>
Cc:     Zheng Wang <zyytlz.wz@163.com>, timur@kernel.org,
        davem@davemloft.net, edumazet@google.com, pabeni@redhat.com,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        1395428693sheep@gmail.com, alex000young@gmail.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk

Jakub Kicinski <kuba@kernel.org> =E4=BA=8E2023=E5=B9=B43=E6=9C=8814=E6=97=
=A5=E5=91=A8=E4=BA=8C 08:00=E5=86=99=E9=81=93=EF=BC=9A
>
> On Fri, 10 Mar 2023 18:57:34 +0800 Zheng Wang wrote:
> > +     netif_carrier_off(netdev);
> > +     netif_tx_disable(netdev);
> > +     cancel_work_sync(&adpt->work_thread);
> >       unregister_netdev(netdev);
> >       netif_napi_del(&adpt->rx_q.napi);
>
> same problem as in the natsemi driver

Hi Jakub,

Thanks for your reply. Here we schedule the work when handling IRQ
request, So I think we should add free_irq after netif_napi_del and move
the cancel_work_sync after that like:

netif_carrier_off(netdev);
netif_tx_disable(netdev);

unregister_netdev(netdev);
netif_napi_del(&adpt->rx_q.napi);

free_irq(adpt->irq.irq, &adpt->irq);
cancel_work_sync(&adpt->work_thread);

Apprecaite for your advice about the fix.

Best regards,
Zheng