git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Oliver Hartkopp <socketcan@hartkopp.net>
	Mon, 19 May 2025 12:50:27 +0000 (14:50 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 4 Jun 2025 12:40:20 +0000 (14:40 +0200)
commit	6d7d458c41b98a5c1670cbd36f2923c37de51cf5
tree	82269c67818f39b3dab9cc0cba85259dc9b37601	tree
parent	2a437b86ac5a9893c902f30ef66815bf13587bf6	commit \| diff

can: bcm: add missing rcu read protection for procfs content

commit dac5e6249159ac255dad9781793dbe5908ac9ddb upstream.

When the procfs content is generated for a bcm_op which is in the process
to be removed the procfs output might show unreliable data (UAF).

As the removal of bcm_op's is already implemented with rcu handling this
patch adds the missing rcu_read_lock() and makes sure the list entries
are properly removed under rcu protection.

Fixes: f1b4e32aca08 ("can: bcm: use call_rcu() instead of costly synchronize_rcu()")
Reported-by: Anderson Nascimento <anderson@allelesecurity.com>
Suggested-by: Anderson Nascimento <anderson@allelesecurity.com>
Tested-by: Anderson Nascimento <anderson@allelesecurity.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Link: https://patch.msgid.link/20250519125027.11900-2-socketcan@hartkopp.net
Cc: stable@vger.kernel.org # >= 5.4
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>