nfc: rawsock: cancel tx_work before socket teardown - kernel

diff options

author	Jakub Kicinski <kuba@kernel.org>	2026-03-03 08:23:45 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-03-13 17:20:45 +0100
commit	78141b8832e16d80d09cbefb4258612db0777a24 (patch)
tree	879d18167bc0a06c49ca13330829cddc0a45d99a /usr
parent	0beea51b28b2fbced5cc91a1c0d2848dd5eb550f (diff)

nfc: rawsock: cancel tx_work before socket teardown

[ Upstream commit d793458c45df2aed498d7f74145eab7ee22d25aa ] In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTDOWN first so that if tx_work is already running it will see the flag and skip transmitting, then use cancel_work_sync to wait for any in-progress execution to finish, and finally purge any remaining queued skbs. Fixes: 23b7869c0fd0 ("NFC: add the NFC socket raw protocol") Reviewed-by: Joe Damato <joe@dama.to> Link: https://patch.msgid.link/20260303162346.2071888-6-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'usr')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: