Re: [PATCH v2] ethernet:enic: Fix a use after free bug in enic_hard_start_xmit

From: Govindarajulu Varadarajan (gvaradar)
Date: Mon May 03 2021 - 03:29:05 EST


On Sun, 2021-05-02 at 04:58 -0700, Lv Yunlong wrote:
> In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside
> enic_queue_wq_skb, if some error happens, the skb will be freed
> by dev_kfree_skb(skb). But the freed skb is still used in
> skb_tx_timestamp(skb).
>
> My patch makes enic_queue_wq_skb() return error and goto spin_unlock()
> incase of error. The solution is provided by Govind.
> See https://lkml.org/lkml/2021/4/30/961.
>
> Fixes: fb7516d42478e ("enic: add sw timestamp support")
> Signed-off-by: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>

Thanks,

Acked-by: Govindarajulu Varadarajan <gvaradar@xxxxxxxxx>