> > For example the TODO entry at line 876: If pi433_release() is
> > called while pi433_ioctl() is executing between lines 879 and
> > 880, we might perform a NULL pointer dereference, right ?
>
> Yes, no, maybe. That's what kernel locks are for. Is that data
> protected against concurrent access by a lock of some sort?
No, I don't think so. The release function doesn't ask for any kind
of lock before freeing that data, nor does the ioctl function. Also,
this ioctl function is unlocked_ioctl, so AFAIK it should be self
responsible for locking/synchronization stuff (most docs I've
read are getting pretty old now, from the 2.6 times where the BKL
was still something 'common' and lots of drivers were still using
ioctl(), but I don't think it's the case anymore).
So, if pi433_release() and pi433_ioctl() can be concurrently executed
then this issue might happen.
I'll submit a patch. Thanks !
Cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
