Hi Chen, chenaotian2@xxxxxxx wrote on Fri, 7 Apr 2023 09:26:26 +0800: > After replacing e->info, it is necessary to free the old einfo. > > Signed-off-by: Chen Aotian <chenaotian2@xxxxxxx> > --- > drivers/net/ieee802154/mac802154_hwsim.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ieee802154/mac802154_hwsim.c b/drivers/net/ieee802154/mac802154_hwsim.c > index 8445c2189..6e7e10b17 100644 > --- a/drivers/net/ieee802154/mac802154_hwsim.c > +++ b/drivers/net/ieee802154/mac802154_hwsim.c > @@ -685,7 +685,7 @@ static int hwsim_del_edge_nl(struct sk_buff *msg, struct genl_info *info) > static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > { > struct nlattr *edge_attrs[MAC802154_HWSIM_EDGE_ATTR_MAX + 1]; > - struct hwsim_edge_info *einfo; > + struct hwsim_edge_info *einfo, *einfo_old; > struct hwsim_phy *phy_v0; > struct hwsim_edge *e; > u32 v0, v1; > @@ -723,8 +723,10 @@ static int hwsim_set_edge_lqi(struct sk_buff *msg, struct genl_info *info) > list_for_each_entry_rcu(e, &phy_v0->edges, list) { > if (e->endpoint->idx == v1) { > einfo->lqi = lqi; > + einfo_old = rcu_dereference(e->info); > rcu_assign_pointer(e->info, einfo); > rcu_read_unlock(); > + kfree_rcu(einfo_old, rcu); > mutex_unlock(&hwsim_phys_lock); > return 0; > } I'm not an RCU expert but the fix LGTM. Reviewed-by: Miquel Raynal <miquel.raynal@xxxxxxxxxxx> What about adding: Fixes: f25da51fdc38 ("ieee802154: hwsim: add replacement for fakelb") Cc: stable@vger.kernelorg Thanks, Miquèl