Re: [PATCH v0] mctp: fix netdev reference bug

From: Matt Johnston
Date: Wed Mar 23 2022 - 23:18:13 EST


Hi Lin Ma,

On Thu, 2022-03-24 at 10:39 +0800, Lin Ma wrote:
> In extended addressing mode, function mctp_local_output() fetches netdev
> through dev_get_by_index_rcu, which won't increase netdev's reference
> counter. Hence, the reference may underflow when mctp_local_output calls
> dev_put(), resulting in a possible use after free.
>
> This patch adds dev_hold() to fix the reference bug.

This was already fixed in net-next to increment the refcount in
__mctp_dev_get() and use mctp_dev_put().

dc121c008491 ("mctp: make __mctp_dev_get() take a refcount hold")
e297db3eadd7 ("mctp: Fix incorrect netdev unref for extended addr")

Thanks,
Matt
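
The refcount imbalance discussed in this thread, as an added user-space model; it is not part of the original e-mail and is not kernel code. The type `struct model_dev` and all function names are hypothetical stand-ins: `lookup_borrowed()` models a lookup that takes no reference, `lookup_held()` models one that does, and `model_put()` models dropping a reference.

```c
#include <stdio.h>

/* Hypothetical user-space model of a refcounted device; not kernel code. */
struct model_dev {
    int refcnt;   /* references currently held */
    int freed;    /* set when the last reference is dropped */
};

/* Models an RCU-style lookup: returns a borrowed pointer, takes no reference. */
static struct model_dev *lookup_borrowed(struct model_dev *d) { return d; }

/* Models a lookup that takes a reference the caller must later drop. */
static struct model_dev *lookup_held(struct model_dev *d) { d->refcnt++; return d; }

/* Models dropping a reference; the device is freed when the count hits zero. */
static void model_put(struct model_dev *d)
{
    if (--d->refcnt == 0)
        d->freed = 1;
}

/* Unbalanced path: put without a matching hold. Returns the remaining count. */
int output_unbalanced(struct model_dev *d)
{
    struct model_dev *dev = lookup_borrowed(d);
    model_put(dev);          /* drops a reference this path never took */
    return d->refcnt;
}

/* Balanced path: the lookup holds, the exit path puts. */
int output_balanced(struct model_dev *d)
{
    struct model_dev *dev = lookup_held(d);
    model_put(dev);          /* drops only the reference taken above */
    return d->refcnt;
}

int main(void)
{
    struct model_dev a = { .refcnt = 1, .freed = 0 };  /* constructed: one owner */
    struct model_dev b = { .refcnt = 1, .freed = 0 };
    printf("unbalanced: refcnt=%d freed=%d\n", output_unbalanced(&a), a.freed);
    printf("balanced:   refcnt=%d freed=%d\n", output_balanced(&b), b.freed);
    return 0;
}
```

In the unbalanced path the single owner's reference is consumed, so the model marks the device freed while that owner still holds a pointer to it.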