[openib-general] Re: [PATCH] ipoib_mcast_restart_task
Roland Dreier
rdreier at cisco.com
Wed Apr 5 08:43:51 PDT 2006
Michael> Not sure I read you. It'd still be use after free, won't it?

It's definitely a bug. But it doesn't explain the specific oops we
saw. In other words, doing:

    kfree(mcast);
    dev = mcast->dev;

shouldn't cause an oops, because mcast is still a valid kernel
pointer, even if the memory it points to might be reused and
corrupted. Following the dev pointer after that snippet might cause
an oops, because it might be overwritten.

- R.
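
Added example, not part of the original message or of the IPoIB code: a user-space C model of the distinction drawn above, where loading mcast->dev after the free succeeds but the value loaded may be junk. The one-slot cache (toy_alloc, toy_free) and the dev_stub and mcast_stub types are hypothetical stand-ins, and the model assumes a slab-style allocator that leaves freed objects mapped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct dev_stub { int ifindex; };            /* hypothetical stand-in for the net device */
struct mcast_stub { struct dev_stub *dev; }; /* hypothetical stand-in for the mcast entry */

/* Toy one-object cache: "freeing" only marks the slot reusable. The storage
 * stays mapped, which is the property the message relies on. */
static struct mcast_stub slot;
static int slot_busy;

static struct mcast_stub *toy_alloc(struct dev_stub *dev)
{
    if (slot_busy)
        return NULL;
    slot_busy = 1;
    slot.dev = dev;
    return &slot;
}

/* poison != 0 mimics a debugging allocator overwriting freed memory
 * (0x6b is the kernel's POISON_FREE byte). */
static void toy_free(struct mcast_stub *m, int poison)
{
    if (poison)
        memset(m, 0x6b, sizeof(*m));
    slot_busy = 0;
}

/* The pattern from the message: free, then load mcast->dev. Returns the raw
 * bits of the loaded pointer and never dereferences it. */
static uintptr_t load_dev_after_free(struct mcast_stub *mcast, int poison)
{
    uintptr_t bits = 0;

    toy_free(mcast, poison);
    memcpy(&bits, &mcast->dev, sizeof(mcast->dev)); /* this load cannot fault */
    return bits;
}

int main(void)
{
    struct dev_stub d = { 1 };
    uintptr_t intact = load_dev_after_free(toy_alloc(&d), 0);
    uintptr_t junk = load_dev_after_free(toy_alloc(&d), 1);

    printf("slot untouched: dev still valid = %d\n", intact == (uintptr_t)&d);
    printf("slot overwritten: dev = %#lx, following it would fault\n", (unsigned long)junk);
    return 0;
}
```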