On Wed, Oct 02, 2019 at 04:35:06PM -0500, Navid Emamdoost wrote: > Hi Jason, > > Thanks for the feedback. Yes, you are right if the skb release is > moved under err4 label it will cause a double free as > c4iw_ref_send_wait will release skb in case of error. > So, in order to avoid leaking skb in case of c4iw_bar2_addrs failure, > the kfree(skb) could be placed under the error check like the way > patch v1 did. Do you see any mistake in version 1? > https://lore.kernel.org/patchwork/patch/1128510/ No, it is not enough. c4iw_ref_send_wait() -> c4iw_wait_for_reply() -> return wr_waitp->ret; <--- can be -EIO Thanks
