[PATCH] ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait

Felix Fietkau nbd at nbd.name
Sun Feb 11 01:59:02 PST 2018


On 2018-02-11 03:56, Carl Huang wrote:
> The skb may be freed in tx completion context before
> trace_ath10k_wmi_cmd is called. This can be easily captured
> when KASAN (Kernel Address Sanitizer) is enabled. The fix is
> to add a reference count to the skb and release it after
> trace_ath10k_wmi_cmd is called.
> 
> Signed-off-by: Carl Huang <cjhuang at codeaurora.org>
I think it makes more sense to simply call the trace function before
ath10k_htc_send. Also, for a trivial change like this it probably does
not make sense to add a Copyright line either.

- Felix
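
The two orderings discussed in this thread, as an added example that is not code from the patch or from ath10k: a userspace model in which a plain struct stands in for the skb and a `live` flag stands in for the allocation. It assumes tx completion runs before the send call returns; all names are hypothetical.

```c
#include <stdio.h>

/* Userspace model only: struct buf stands in for an skb, and 'live' marks
 * whether the memory would still be allocated. All names are hypothetical. */
struct buf { int refs; int live; size_t len; };

static void buf_init(struct buf *b, size_t len) { b->refs = 1; b->live = 1; b->len = len; }
static void buf_get(struct buf *b) { b->refs++; }
static void buf_put(struct buf *b) { if (--b->refs == 0) b->live = 0; /* "freed" */ }

/* Models the send path when tx completion runs before it returns:
 * the completion handler drops the reference it was handed. */
static int send_buf(struct buf *b) { buf_put(b); return 0; }

/* Models the tracepoint, which reads the buffer. Returns -1 where the real
 * code would touch freed memory (what KASAN reports), else the traced length. */
static int trace_cmd(const struct buf *b) { return b->live ? (int)b->len : -1; }

/* Ordering in the report: send, then trace. */
static int send_then_trace(void) {
    struct buf b; buf_init(&b, 64);
    send_buf(&b);
    return trace_cmd(&b);
}

/* Fix as in the patch description: hold an extra reference across the send. */
static int send_with_extra_ref(void) {
    struct buf b; buf_init(&b, 64);
    buf_get(&b);
    send_buf(&b);
    int r = trace_cmd(&b);
    buf_put(&b);
    return b.live ? -2 : r;   /* -2 would mean the buffer leaked */
}

/* Fix as suggested in the reply: trace first, then hand the buffer off. */
static int trace_then_send(void) {
    struct buf b; buf_init(&b, 64);
    int r = trace_cmd(&b);
    send_buf(&b);
    return b.live ? -2 : r;
}

int main(void) {
    printf("%d %d %d\n", send_then_trace(), send_with_extra_ref(), trace_then_send());
    return 0;
}
```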


