From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754842AbdCBSMv (ORCPT ); Thu, 2 Mar 2017 13:12:51 -0500 Received: from mail-pf0-f171.google.com ([209.85.192.171]:33442 "EHLO mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752644AbdCBSMW (ORCPT ); Thu, 2 Mar 2017 13:12:22 -0500 Date: Thu, 2 Mar 2017 09:06:52 -0800 From: Stephen Hemminger To: Dexuan Cui Cc: David Miller , netdev , Stephen Hemminger , KY Srinivasan , Haiyang Zhang , "driverdev-devel@linuxdriverproject.org" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH] netvsc: fix use-after-free in netvsc_change_mtu() Message-ID: <20170302090652.2e9e4471@xeon-e3> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2 Mar 2017 13:00:53 +0000 Dexuan Cui wrote: > 'nvdev' is freed in rndis_filter_device_remove -> netvsc_device_remove -> > free_netvsc_device, so we mustn't access it, before it's re-created in > rndis_filter_device_add -> netvsc_device_add. > > Signed-off-by: Dexuan Cui > Cc: "K. Y. Srinivasan" > Cc: Haiyang Zhang > Cc: Stephen Hemminger Reviewed-by: Stephen Hemminger