[openib-general] Re: [PATCH] ipoib_mcast_restart_task

Eli Cohen eli at mellanox.co.il
Wed Apr 5 23:37:00 PDT 2006


On Wednesday 05 April 2006 18:43, Roland Dreier wrote:
>     Michael> Not sure I read you. It'd still be use after free, won't it?
>
> It's definitely a bug.  But it doesn't explain the specific oops we
> saw.  In other words, doing:
>
> 	kfree(mcast);
> 	dev = mcast->dev;
>
> shouldn't cause an oops, because mcast is still a valid kernel
> pointer, even if the memory it points to might be reused and
> corrupted.  Following the dev pointer after that snippet might cause
> an oops, because it might be overwritten.
>

The reason for that is probably because I am using a custom kernel compiled
with 'Debug memory allocations' which poisons freed memory.
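
As an added illustration that is not part of the original mail: a user-space C model of the point made in this exchange, showing that the stale read `dev = mcast->dev` returns the old, still-valid pointer when freed memory is left alone, but returns the slab poison pattern when freed objects are poisoned, so following `dev` then faults. The `toy_*` names, the one-object "slab" and the sample device are hypothetical; 0x6b and 0xa5 are the kernel's `POISON_FREE` and `POISON_END` bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b /* slab poison byte written over freed objects */
#define POISON_END  0xa5 /* marks the last byte of a poisoned object */

struct toy_dev   { int mtu; };
struct toy_mcast { struct toy_dev *dev; unsigned char pad[24]; };

static struct toy_dev   netdev = { 2044 }; /* constructed sample device */
static struct toy_mcast slot;              /* one-object "slab"; static, so stale reads stay defined C */

/* Hypothetical stand-in for kfree(): memory stays mapped, contents optionally poisoned. */
static void toy_kfree(struct toy_mcast *m, int debug_poison)
{
    if (!debug_poison)
        return;                            /* no debug option: old bytes survive the free */
    memset(m, POISON_FREE, sizeof *m - 1);
    ((unsigned char *)m)[sizeof *m - 1] = POISON_END;
}

/* Replays "kfree(mcast); dev = mcast->dev;" and returns the value that was read. */
static uintptr_t stale_dev_after_free(int debug_poison)
{
    struct toy_mcast *mcast = &slot;
    uintptr_t dev;

    mcast->dev = &netdev;
    toy_kfree(mcast, debug_poison);
    memcpy(&dev, &mcast->dev, sizeof dev); /* the stale read itself does not fault */
    return dev;
}

/* Triage heuristic: ignore the low 16 bits (field offset); the rest must be 0x6b bytes. */
static int looks_poisoned(uintptr_t addr)
{
    for (size_t i = 2; i < sizeof addr; i++)
        if (((addr >> (8 * i)) & 0xff) != POISON_FREE)
            return 0;
    return 1;
}

int main(void)
{
    uintptr_t plain = stale_dev_after_free(0), dbg = stale_dev_after_free(1);
    printf("no poison: %#lx poisoned=%d\n", (unsigned long)plain, looks_poisoned(plain));
    printf("poison:    %#lx poisoned=%d\n", (unsigned long)dbg, looks_poisoned(dbg));
    return 0;
}
```

A faulting address in an oops whose upper bytes are all 0x6b is the signature of a pointer loaded from a freed, poisoned slab object.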


