On 7/28/21 7:24 AM, yebin wrote:
On 2021/7/23 12:04, Bart Van Assche wrote:
On 1/12/21 10:31 PM, Ye Bin wrote:
sdev->handler_data = NULL;
+ synchronize_rcu();
kfree(h);
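Review bot: the synchronize_rcu() placed between clearing sdev->handler_data and kfree(h) gives the ordering a use-after-free fix needs (unpublish the pointer, wait out the grace period, then free), and, as noted later in this thread, kfree_rcu() cannot replace it because struct rdac_dh_data embeds a struct list_head rather than a struct rcu_head. Two points are worth recording in the commit message: which reader path dereferences handler_data under the RCU read lock and is therefore protected by this grace period, and that synchronize_rcu() blocks, so this teardown path must be one that is allowed to sleep.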
What is the purpose of the new synchronize_rcu() call?
Thanks for your reply.
Yes, I added the new synchronize_rcu() call to wait until *h is no longer in use. If we free "h" right now, it may lead to a UAF.
If its purpose is to wait until *h is no longer in use, please use kfree_rcu() instead.
struct rdac_dh_data {
        struct list_head node;
        .....
};
As the type of rdac_dh_data.node is "struct list_head", but the type of the first parameter of kfree_rcu is "struct rcu_head", we can only use synchronize_rcu() here.
Ah, that's right. Hence:
Reviewed-by: Bart Van Assche <bvanassche@xxxxxxx>
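The ordering the patch relies on, as an added user-space model that is not part of the patch or of this thread: readers take a pointer inside a read-side critical section, and the writer first unpublishes the pointer, then waits until every reader that could still hold the old pointer has left its critical section, and only then releases the object. Kernel primitives are stood in for by an atomic reader counter, the struct and function names are hypothetical, and "release" only marks the object so that the model never dereferences freed memory.

```c
/* Added example: user-space model of "unpublish, synchronize, free".
 * rcu_read_lock()/rcu_read_unlock() are modelled by readers_in_flight,
 * synchronize_rcu() by waiting for that counter to drain, and kfree(h)
 * by setting h->released.  All names are hypothetical. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct dh_data {
    int serial;             /* payload a reader would dereference */
    atomic_bool released;   /* stands in for the memory having been kfree()d */
};

static _Atomic(struct dh_data *) handler_data;  /* models sdev->handler_data */
static atomic_int readers_in_flight;            /* readers inside a critical section */
static atomic_int reads_after_release;          /* reader saw an already released object */

/* Reader side: enter critical section, load pointer, use it, leave. */
static void *reader(void *arg)
{
    int iterations = *(int *)arg;
    for (int i = 0; i < iterations; i++) {
        atomic_fetch_add(&readers_in_flight, 1);          /* rcu_read_lock() */
        struct dh_data *h = atomic_load(&handler_data);   /* rcu_dereference() */
        if (h && atomic_load(&h->released))
            atomic_fetch_add(&reads_after_release, 1);    /* this would be a UAF */
        atomic_fetch_sub(&readers_in_flight, 1);          /* rcu_read_unlock() */
    }
    return NULL;
}

/* Models synchronize_rcu(): once handler_data is NULL, any reader that still
 * holds the old pointer must already be counted, so waiting for the counter
 * to reach zero waits out every such reader. */
static void synchronize_readers(void)
{
    while (atomic_load(&readers_in_flight) != 0)
        sched_yield();
}

/* Writer side, mirroring the patched teardown.  With wait_for_readers == false
 * this is the pre-patch ordering that the fix addresses.  kfree_rcu() would be
 * the deferred alternative, but it needs a struct rcu_head inside the object. */
static void teardown(struct dh_data *h, bool wait_for_readers)
{
    atomic_store(&handler_data, NULL);   /* sdev->handler_data = NULL; */
    if (wait_for_readers)
        synchronize_readers();           /* + synchronize_rcu(); */
    atomic_store(&h->released, true);    /* kfree(h); */
}

/* Runs readers against one object while the writer tears it down and returns
 * how many reads hit the object after release.  With the grace period this is
 * always 0; without it the count depends on scheduling. */
int run_scenario(bool wait_for_readers)
{
    static struct dh_data obj;   /* static so the model never touches freed memory */
    enum { NREADERS = 4 };
    pthread_t tid[NREADERS];
    int iterations = 200000;

    obj.serial = 1;
    atomic_store(&obj.released, false);
    atomic_store(&reads_after_release, 0);
    atomic_store(&handler_data, &obj);

    for (int i = 0; i < NREADERS; i++)
        pthread_create(&tid[i], NULL, reader, &iterations);
    sched_yield();                          /* let readers get going */
    teardown(&obj, wait_for_readers);
    for (int i = 0; i < NREADERS; i++)
        pthread_join(tid[i], NULL);

    return atomic_load(&reads_after_release);
}

int main(void)
{
    printf("with synchronize: %d reads after release\n", run_scenario(true));
    printf("without synchronize: %d reads after release\n", run_scenario(false));
    return 0;
}
```

The reader counter is a coarser stand-in than a real RCU grace period (it also waits for readers that started after the pointer was cleared), but it preserves the property the patch depends on: no reader that loaded the old pointer can still be using it when the object is released.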