Re: [PATCH v0] mctp: fix netdev reference bug
From: Lin Ma
Date: Wed Mar 23 2022 - 23:35:03 EST
Hi Matt,
Oops, sorry for the false alarm, I found this on mainline kernel and I should checkout net-next before sending the patch.
Regards
>Hi Lin Ma,
>
>On Thu, 2022-03-24 at 10:39 +0800, Lin Ma wrote:
>> In extended addressing mode, function mctp_local_output() fetch netdev
>> through dev_get_by_index_rcu, which won't increase netdev's reference
>> counter. Hence, the reference may underflow when mctp_local_output calls
>> dev_put(), results in possible use after free.
>>
>> This patch adds dev_hold() to fix the reference bug.
>
>This was already fixed in net-next to increment the refcount in
>__mctp_dev_get() and use mctp_dev_put().
>
>dc121c008491 ("mctp: make __mctp_dev_get() take a refcount hold")
>e297db3eadd7 ("mctp: Fix incorrect netdev unref for extended addr")
>
>Thanks,
>Matt