mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 17:22:07 +00:00
bff1709b39
In the `mac802154_scan_worker` function, the `scan_req->type` field was
accessed after the RCU read-side critical section was unlocked. According
to RCU usage rules, this is illegal and can lead to unpredictable
behavior, such as accessing memory that has been updated or causing
use-after-free issues.
This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.
To address this, the `scan_req->type` value is now stored in a local
variable `scan_req_type` while still within the RCU read-side critical
section. The `scan_req_type` is then used after the RCU lock is released,
ensuring that the type value is safely accessed without violating RCU
rules.
Fixes:
|
||
---|---|---|
.. | ||
cfg.c | ||
cfg.h | ||
driver-ops.h | ||
ieee802154_i.h | ||
iface.c | ||
Kconfig | ||
llsec.c | ||
llsec.h | ||
mac_cmd.c | ||
main.c | ||
Makefile | ||
mib.c | ||
rx.c | ||
scan.c | ||
trace.c | ||
trace.h | ||
tx.c | ||
util.c |