>>> Just above the copy_to_user() call there is the following statement: >>> >>> list_add_tail(&fibctx->next, &dev->fib_list); >>> >>> Does that mean that the above kfree() will cause list corruption? >> >> Yes, you are correct. I overlooked that fibctx is part of a list, and freeing the >> memory without removing the list entry would corrupt the list. >> The list entry should be deleted before freeing the memory if copy_to_user() fails. > > Are you sure that this is what the code should do? Yes, removing the list entry before freeing the memory is necessary to maintain list integrity and prevent corruption. If there are any other methods, additional checks, or potential issues with this approach that I should consider, please let me know, and I'll make the necessary adjustments promptly. Regards, Riyan Dhiman
