net: ena: PHC: Fix potential use-after-free in get_timestamp - kernel/linux.git

diff options

author	Arthur Kiyanovski <akiyano@amazon.com>	2026-05-08 09:21:21 +0300
committer	Jakub Kicinski <kuba@kernel.org>	2026-05-10 20:05:50 +0300
commit	e42c755582f0960e684298762f0ab927b3778376 (patch)
tree	103559262a17cdca03b92fb904f72a891212ebec /scripts/stackdelta
parent	46e9b0224475abc739612ef72c35b7c90211a0c1 (diff)
download	linux-e42c755582f0960e684298762f0ab927b3778376.tar.xz

net: ena: PHC: Fix potential use-after-free in get_timestamp

Move the phc->active check and resp pointer assignment to after acquiring the spinlock. Previously, phc->active was checked without holding the lock, and resp was cached from ena_dev->phc.virt_addr before the lock was acquired. If ena_com_phc_destroy() runs between the lockless active check and the lock acquisition, it sets active=false, releases the lock, frees the DMA memory, and sets virt_addr=NULL. The get_timestamp path would then read a NULL virt_addr and dereference it. With both the active check and the pointer read under the lock, destroy cannot free the memory while get_timestamp is using it. Fixes: e0ea34158ee8 ("net: ena: Add PHC support in the ENA driver") Cc: stable@vger.kernel.org Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com> Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev> Link: https://patch.msgid.link/20260508062126.7273-1-akiyano@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'scripts/stackdelta')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: