Mirror of https://github.com/torvalds/linux.git, synced 2026-03-07 23:04:33 +01:00
In rawsock_release(), cancel any pending tx_work and purge the write
queue before orphaning the socket. rawsock_tx_work runs on the system
workqueue and calls nfc_data_exchange which dereferences the NCI
device. Without synchronization, tx_work can race with socket and
device teardown when a process is killed (e.g. by SIGKILL), leading
to use-after-free or leaked references.

Set SEND_SHUTDOWN first so that if tx_work is already running it will
see the flag and skip transmitting, then use cancel_work_sync to wait
for any in-progress execution to finish, and finally purge any
remaining queued skbs.

Fixes:

| Name |
|---|
| hci |
| nci |
| af_nfc.c |
| core.c |
| digital.h |
| digital_core.c |
| digital_dep.c |
| digital_technology.c |
| Kconfig |
| llcp.h |
| llcp_commands.c |
| llcp_core.c |
| llcp_sock.c |
| Makefile |
| netlink.c |
| nfc.h |
| rawsock.c |