On Mon, Feb 3, 2020 at 11:58 AM Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote:
>
> On Mon, Feb 3, 2020 at 12:39 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> > Why is that better?
>
> Because it is designed to be used in this scenario,
> as it defers the free after RTNL unlock which is after
> sch_tree_unlock() too.

Just in case of misunderstanding: I am _not_ suggesting to use
rtnl_kfree_skbs() to work around this use-after-free; rtnl_kfree_skbs()
still has to be called after qdisc_pkt_len(), at least for readability,
despite that it could indeed work around the bug.

Thanks.