From: Xin Long <lucien.xin@xxxxxxxxx> Date: Thu, 8 Sep 2016 17:49:04 +0800 > Now sctp uses the transport without holding it in sctp_hash_cmp, > it can cause a use-after-free panic. As after it get transport from > hashtable, another CPU may free it, then the members it accesses > may be unavailable memory. > > This patch is to use sctp_transport_hold, in which it checks the > refcnt first, holds it if it's not 0. > > Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx> Please add more detail to the commit message and add a proper "Fixes: " tag right before your signoff. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
