Hi Dan,
> -----Original Message-----
> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Sent: 2020年5月6日 4:47
> To: Claudiu Manoil <claudiu.manoil@xxxxxxx>; Po Liu <po.liu@xxxxxxx>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>; netdev@xxxxxxxxxxxxxxx;
> kernel-janitors@xxxxxxxxxxxxxxx
> Subject: [PATCH net-next] enetc: Fix use after free in
> stream_filter_unref()
>
>
> This code frees "sfi" and then dereferences it on the next line.
>
> Fixes: 888ae5a3952b ("net: enetc: add tc flower psfp offload driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> drivers/net/ethernet/freescale/enetc/enetc_qos.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> index 48e589e9d0f7c..10d79eb46c2e8 100644
> --- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> +++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
> @@ -902,8 +902,8 @@ static void stream_filter_unref(struct
> enetc_ndev_priv *priv, u32 index)
> if (z) {
> enetc_streamfilter_hw_set(priv, sfi, false);
> hlist_del(&sfi->node);
> - kfree(sfi);
> clear_bit(sfi->index, epsfp.psfp_sfi_bitmap);
This "sfi->index" should be "index", but the patch is also fix it.
> + kfree(sfi);
> }
> }
>
> --
> 2.26.2
Thanks a lot.
Br,
Po Liu
