can: j1939: j1939_session_deactivate(): clarify lifetime of session object - linux/linux-stable.git

diff options

author	Oleksij Rempel <o.rempel@pengutronix.de>	2021-07-14 13:16:02 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-08-04 12:27:40 +0200
commit	7eef18c0479ba5d9f54fba30cd77c233ebca3eb1 (patch)
tree	167291c136b24067e5979ad63d387b062facef49 /net/lapb/lapb_timer.c
parent	18b536de3b976a4602616864a7ac5a1241e2e5e5 (diff)

can: j1939: j1939_session_deactivate(): clarify lifetime of session object

commit 0c71437dd50dd687c15d8ca80b3b68f10bb21d63 upstream. The j1939_session_deactivate() is decrementing the session ref-count and potentially can free() the session. This would cause use-after-free situation. However, the code calling j1939_session_deactivate() does always hold another reference to the session, so that it would not be free()ed in this code path. This patch adds a comment to make this clear and a WARN_ON, to ensure that future changes will not violate this requirement. Further this patch avoids dereferencing the session pointer as a precaution to avoid use-after-free if the session is actually free()ed. Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol") Link: https://lore.kernel.org/r/20210714111602.24021-1-o.rempel@pengutronix.de Reported-by: Xiaochen Zou <xzou017@ucr.edu> Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/lapb/lapb_timer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: