Hi Dongliang,
On 1/22/22 09:45, Dongliang Mu wrote:
> [...]
>> Yeah, it seems like (at least based on code) that this dangling pointer
>> is not dangerous, since nothing accesses it. And next_siblings is
>> _guaranteed_ to be NULL, since dev->next_siblings is set to NULL in
>> disconnect().
> Yes, you're right. As a security researcher, I am sensitive to such
> dangling pointers.
> As its nullifying site is across functions, I suggest developers
> remove this dangling pointer in case any newly added code in this
> function or before the nullifying location would touch next_siblings.
Based on git blame this driver is very old (it was added in 2012), so, I
guess, nothing really new will come up.
Anyway, I am absolutely not a security person, and if you think that
this dangling pointer can somehow be used in exploitation you should
state it in the commit message.
> If Pavel and others think it's fine, then it's time to close this patch.
I don't have any big objections to the code itself. Maybe only the 'if'
can be removed to just speed up the code, but I don't see why this change
is needed :)
With regards,
Pavel Skripkin