net: rose: convert 'use' field to refcount_t - kernel - Hosts the 0x221E linux distro kernel.

diff options

author	Takamitsu Iwai <takamitz@amazon.co.jp>	2025-08-23 17:58:56 +0900
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-09-04 15:31:51 +0200
commit	0085b250fcc79f900c82a69980ec2f3e1871823b (patch)
tree	b8d8907364251f4242a366ed50bdee4a4f64c383 /include/net/aligned_data.h
parent	8e88504a28743d4f0e87f6c0c6a670e66f7b6b5b (diff)

net: rose: convert 'use' field to refcount_t

[ Upstream commit d860d1faa6b2ce3becfdb8b0c2b048ad31800061 ] The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh structure is freed while still being referenced by other code paths. For example, when rose_neigh->use becomes zero during an ioctl operation via rose_rt_ioctl(), the structure may be removed while its timer is still active, potentially causing use-after-free issues. This patch changes the type of 'use' from unsigned short to refcount_t and updates all code paths to use rose_neigh_hold() and rose_neigh_put() which operate reference counts atomically. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Takamitsu Iwai <takamitz@amazon.co.jp> Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com> Link: https://patch.msgid.link/20250823085857.47674-3-takamitz@amazon.co.jp Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: