On Mon, Feb 24, 2020 at 11:06:48AM +0800, yangerkun wrote:
cc David and netdev mail list too.
On 2020/2/22 17:46, yangerkun wrote:
After commit e4c157955483 ("slip: Fix use-after-free Read in slip_open"), we will double free sl->dev since sl_free_netdev will free sl->dev too. It's fine for mainline since sl_free_netdev in mainline won't free sl->dev.
Signed-off-by: yangerkun yangerkun@huawei.com
drivers/net/slip/slip.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c index ef6b25ec75a1..7fe9183fad0e 100644 --- a/drivers/net/slip/slip.c +++ b/drivers/net/slip/slip.c @@ -861,7 +861,6 @@ err_free_chan: tty->disc_data = NULL; clear_bit(SLF_INUSE, &sl->flags); sl_free_netdev(sl->dev);
- free_netdev(sl->dev); err_exit: rtnl_unlock();
What commit causes this only to be needed on the 4.4-stable tree? Can you please list it in the commit log so that we know this?
And this is only for 4.4.y, not 4.9.y or anything else? Why?
thanks,
greg k-h