[openib-general] Re: [PATCH] ipoib_mcast_restart_task

Roland Dreier rdreier at cisco.com
Wed Apr 5 08:43:51 PDT 2006


    Michael> Not sure I read you. It'd still be use after free, won't it?

It's definitely a bug.  But it doesn't explain the specific oops we
saw.  In other words, doing:

	kfree(mcast);
	dev = mcast->dev;

shouldn't cause an oops, because mcast is still a valid kernel
pointer, even if the memory it points to might be reused and
corrupted.  Following the dev pointer after that snippet might cause
an oops, because it might be overwritten.

 - R.
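The two orderings discussed in the message above, as an added userspace model that is not from the thread or from the ipoib driver. The struct layouts, the one-slot "slab", and the model_kmalloc/model_kfree helpers are assumptions made for the illustration; the 0x6b fill is the byte the kernel's slab poisoning writes into freed objects, which is why a stale read returns garbage rather than the old value while still not faulting:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Stand-ins for the kernel structures (assumed layouts, not ipoib's). */
struct net_device {
    char name[16];
};

struct ipoib_mcast {
    struct net_device *dev;
    unsigned char mgid[16];
};

/* One-slot model of a slab cache.  Like the kernel's slab poisoning it
 * fills a freed object with 0x6b, so a read through a stale pointer still
 * succeeds (the memory stays mapped) but yields garbage, which is the
 * distinction drawn in the message above. */
#define POISON_FREE 0x6b

static struct ipoib_mcast slab_slot;
static int slab_in_use;

static struct ipoib_mcast *model_kmalloc(void)
{
    if (slab_in_use)
        return NULL;
    slab_in_use = 1;
    memset(&slab_slot, 0, sizeof slab_slot);
    return &slab_slot;
}

static void model_kfree(struct ipoib_mcast *m)
{
    memset(m, POISON_FREE, sizeof *m);   /* poison the freed object */
    slab_in_use = 0;
}

static struct net_device ib0 = { "ib0" };   /* constructed sample device */

/* Buggy ordering from the thread: kfree(mcast); dev = mcast->dev;
 * The load of mcast->dev does not fault, because mcast still points at
 * mapped slab memory, but the value it returns is poison; dereferencing
 * that value would be the oops. */
struct net_device *dev_read_after_free(void)
{
    struct ipoib_mcast *mcast = model_kmalloc();

    mcast->dev = &ib0;
    model_kfree(mcast);
    return mcast->dev;          /* stale read of a freed object */
}

/* Correct ordering: copy what you need out of the object, then free it. */
struct net_device *dev_read_before_free(void)
{
    struct ipoib_mcast *mcast = model_kmalloc();
    struct net_device *dev;

    mcast->dev = &ib0;
    dev = mcast->dev;
    model_kfree(mcast);
    return dev;
}

/* True if every byte of the pointer value is the poison byte, i.e. it was
 * read out of a freed object and must not be dereferenced. */
int is_poison_pointer(const void *p)
{
    unsigned char bytes[sizeof p];
    size_t i;

    memcpy(bytes, &p, sizeof p);
    for (i = 0; i < sizeof p; i++)
        if (bytes[i] != POISON_FREE)
            return 0;
    return 1;
}

int main(void)
{
    struct net_device *stale = dev_read_after_free();
    struct net_device *good = dev_read_before_free();

    printf("read after free:  %s a poison pointer\n",
           is_poison_pointer(stale) ? "is" : "is not");
    printf("read before free: dev->name = %s\n", good->name);
    return 0;
}
```

The model only reproduces the ordering problem; in the real kernel the freed slot may instead be handed to another allocation and rewritten, so the stale mcast->dev can be any value at all, and whether following it oopses depends on what landed there.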
