[openib-general] Re: [PATCH] ipoib_mcast_restart_task

[Roland Dreier]

    Michael> Not sure I read you. It'd still be use after free, won't it?

It's definitely a bug.  But it doesn't explain the specific oops we
saw.  In other words, doing:

	kfree(mcast);
	dev = mcast->dev;

shouldn't cause an oops, because mcast is still a valid kernel
pointer, even if the memory it points to might be reused and
corrupted.  Following the dev pointer after that snippet might cause
an oops, because it might be overwritten.

 - R.