> -----Original Message-----
> From: ath10k [mailto:ath10k-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Felix
> Fietkau
> Sent: Sunday, February 11, 2018 5:59 PM
> To: Carl Huang <cjhuang@xxxxxxxxxxxxxx>; ath10k@xxxxxxxxxxxxxxxxxxx
> Cc: linux-wireless@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH] ath10k: fix use-after-free in
> ath10k_wmi_cmd_send_nowait
>
> On 2018-02-11 03:56, Carl Huang wrote:
> > The skb may be freed in tx completion context before
> > trace_ath10k_wmi_cmd is called. This can be easily captured when
> > KASAN (Kernel Address Sanitizer) is enabled. The fix is to add a
> > reference count to the skb and release it after trace_ath10k_wmi_cmd
> > is called.
> >
> > Signed-off-by: Carl Huang <cjhuang@xxxxxxxxxxxxxx>
> I think it makes more sense to simply call the trace function before
> ath10k_htc_send. Also, for a trivial change like this it probably does not make
> sense to add a Copyright line either.
>

Agree that moving the trace function before ath10k_htc_send is simpler, but then the parameter ret has no meaning and can't trace the return value of ath10k_htc_send.

Besides that, skb->data and skb->len have different values if the trace function is put before ath10k_htc_send, and this may be fine since the main purpose is to trace the wmi information and not the htc header information.

For the Copyright line, need Kalle Valo to comment.
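
Added example, not part of this thread or of the ath10k source: a user-space C model of the two approaches discussed above (holding a reference across the send versus tracing before the send), showing what each one records at the trace point. `struct buf`, `model_send`, `model_trace`, `HDR_LEN` and the `-1` placeholder are assumptions made for illustration; the real driver works on `struct sk_buff`.

```c
#include <stdlib.h>
#include <stddef.h>

#define HDR_LEN 8 /* assumed size of the header the send path prepends */

/* User-space stand-in for a refcounted sk_buff (constructed model). */
struct buf { int refs; size_t len; };
struct trace_rec { size_t len; int ret; };

static int live_bufs;          /* buffers allocated and not yet freed */
static struct trace_rec last;  /* what the trace point recorded */

static struct buf *buf_alloc(size_t len) {
    struct buf *b = malloc(sizeof(*b));
    if (!b) abort();
    b->refs = 1; b->len = len; live_bufs++;
    return b;
}
/* Take one extra reference, comparable to skb_get() in the kernel. */
static struct buf *buf_get(struct buf *b) { b->refs++; return b; }
/* Drop one reference; the last one frees the buffer. */
static void buf_put(struct buf *b) {
    if (--b->refs == 0) { live_bufs--; free(b); }
}

/* Models the send path: a header is prepended, then tx completion
 * drops the sender's reference before the call returns. */
static int model_send(struct buf *b) { b->len += HDR_LEN; buf_put(b); return 0; }

static void model_trace(const struct buf *b, int ret) { last.len = b->len; last.ret = ret; }

/* Approach in the patch: pin the buffer across send, trace, then release. */
static struct trace_rec send_pinned(size_t len) {
    struct buf *b = buf_get(buf_alloc(len));
    int ret = model_send(b);
    model_trace(b, ret);        /* safe: the extra reference keeps b alive */
    buf_put(b);
    return last;
}

/* Alternative from the review: trace first, so no extra reference is needed,
 * but the send result is unknown and the length excludes the header. */
static struct trace_rec send_trace_first(size_t len, int *send_ret) {
    struct buf *b = buf_alloc(len);
    model_trace(b, -1);         /* -1: placeholder, result not available yet */
    *send_ret = model_send(b);  /* b must not be touched after this call */
    return last;
}
```
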