On Fri, 17 Dec 2021 13:46:06 +0000 Lee Jones wrote:
> For example, in sctp_sock_dump(), we could have the following hunk:
>
>     sctp_endpoint_hold(tsp->asoc->ep);
>     ep = tsp->asoc->ep;
>     sk = ep->base.sk;
>     lock_sock(ep->base.sk);
>
> It is possible for this task to be swapped out immediately following
> the call into sctp_endpoint_hold() that would change the address of
> tsp->asoc->ep to point to a completely different endpoint. This means
> a reference could be taken to the old endpoint and the new one would
> be processed without a reference taken, moreover the new endpoint
> could then be freed whilst still processing as a result, causing a
> use-after-free.
>
> If we return the exact pointer that was held, we ensure this task
> processes only the endpoint we have taken a reference to. The
> resultant hunk now looks like this:
>
>     ep = sctp_endpoint_hold(tsp->asoc->ep);
>     sk = ep->base.sk;
>     lock_sock(sk);

If you have to explain what the next patch will do to make sense of this
one it really is better to merge the two patches. Exporting something is
not a functional change, nor does it make the changes easier to review,
in fact the opposite is true.

> Fixes: 8f840e47f190c ("sctp: add the sctp_diag.c file")

This patch in itself fixes exactly nothing.
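The race in the quoted hunk, reduced to a deterministic model, as an added example that is not part of the thread or the kernel's code: the structs, the hold helper and the simulate_preemption() stand-in for "this task gets swapped out" are all constructed here. The buggy pattern ends up processing an endpoint nobody holds a reference on; the fixed pattern processes exactly the one it held.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for sctp_endpoint / sctp_association. */
struct endpoint {
    int refcnt;
};

struct assoc {
    struct endpoint *ep;   /* may be re-pointed by another task */
};

/* Mirrors the fix in the thread: take the reference and hand back the
 * exact pointer that was held, so the caller never re-reads asoc->ep. */
struct endpoint *endpoint_hold(struct endpoint *ep)
{
    ep->refcnt++;
    return ep;
}

/* Models the race window: this task is descheduled right after the
 * hold, and another task swaps asoc->ep to a different endpoint. */
void simulate_preemption(struct assoc *asoc, struct endpoint *other)
{
    asoc->ep = other;
}

/* Buggy pattern: hold, then re-read the pointer. Returns the endpoint
 * that would be locked and processed; it carries no reference from us. */
struct endpoint *process_rereading(struct assoc *asoc, struct endpoint *other)
{
    endpoint_hold(asoc->ep);           /* reference lands on the old ep */
    simulate_preemption(asoc, other);  /* asoc->ep now points elsewhere */
    return asoc->ep;                   /* new ep, refcnt still 0 */
}

/* Fixed pattern: use the pointer the hold returned. The endpoint that
 * gets processed is always the one whose refcount we bumped. */
struct endpoint *process_using_held(struct assoc *asoc, struct endpoint *other)
{
    struct endpoint *ep = endpoint_hold(asoc->ep);
    simulate_preemption(asoc, other);
    return ep;
}

/* The invariant a reviewer checks: whatever we process, we hold a ref on. */
bool processed_ep_is_held(const struct endpoint *processed)
{
    return processed->refcnt > 0;
}
```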