Re: [PATCH] netvsc: fix use-after-free in netvsc_change_mtu()

From: Stephen Hemminger
Date: Thu Mar 02 2017 - 13:12:53 EST


On Thu, 2 Mar 2017 13:00:53 +0000
Dexuan Cui <decui@xxxxxxxxxxxxx> wrote:

> 'nvdev' is freed in rndis_filter_device_remove -> netvsc_device_remove ->
> free_netvsc_device, so we mustn't access it, before it's re-created in
> rndis_filter_device_add -> netvsc_device_add.
>
> Signed-off-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
> Cc: "K. Y. Srinivasan" <kys@xxxxxxxxxxxxx>
> Cc: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
> Cc: Stephen Hemminger <sthemmin@xxxxxxxxxxxxx>

Reviewed-by: Stephen Hemminger <sthemmin@xxxxxxxxxxxxx>
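
The lifetime problem described in the quoted commit message, as an added user-space example that is not part of the thread or the driver source. All struct and function names below are hypothetical, and a slot pool stands in for the kernel allocator so the stale access can be observed safely instead of corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model; names are hypothetical, not the driver's own. */
struct nvdev { int alive; int mtu; };
struct net_ctx { struct nvdev *nvdev; };

/* Slot pool stands in for the allocator: a "freed" object stays mapped
 * but is marked dead, so a stale access is detectable and memory-safe. */
static struct nvdev pool[4];
static size_t next_slot;

static void model_device_remove(struct net_ctx *ctx) {
    ctx->nvdev->alive = 0;          /* models the free of nvdev */
    ctx->nvdev = NULL;
}

static int model_device_add(struct net_ctx *ctx, int mtu) {
    if (next_slot >= sizeof(pool) / sizeof(pool[0]))
        return -1;
    struct nvdev *nv = &pool[next_slot++];   /* a new object, new address */
    nv->alive = 1; nv->mtu = mtu;
    ctx->nvdev = nv;
    return 0;
}

/* Pointer cached before remove and touched before re-creation: -1 = stale access. */
static int change_mtu_stale(struct net_ctx *ctx, int mtu) {
    struct nvdev *nv = ctx->nvdev;
    model_device_remove(ctx);
    int dead = !nv->alive;          /* in the kernel, this read is the use-after-free */
    if (model_device_add(ctx, mtu) != 0) return -2;
    return dead ? -1 : 0;
}

/* No access between remove and add; the pointer is re-read afterwards. */
static int change_mtu_refetch(struct net_ctx *ctx, int mtu) {
    model_device_remove(ctx);
    if (model_device_add(ctx, mtu) != 0) return -2;
    struct nvdev *nv = ctx->nvdev;  /* refers to the re-created object */
    return (nv->alive && nv->mtu == mtu) ? 0 : -1;
}

int main(void) {
    struct net_ctx ctx = { NULL };
    model_device_add(&ctx, 1500);
    printf("stale:   %d\n", change_mtu_stale(&ctx, 9000));
    printf("refetch: %d\n", change_mtu_refetch(&ctx, 4000));
    return 0;
}
```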