Re: [6.3][regression] commit 2f5c3c77fc9b6a34b68b97231bfa970e1194ec28 definitely causes use-after-free

From: Mikhail Gavrilov
Date: Thu Feb 23 2023 - 16:29:45 EST


On Thu, Feb 23, 2023 at 10:38 PM Lorenzo Bianconi <lorenzo@xxxxxxxxxx> wrote:
>
> Hi Mike,
>
> can you please check if the patch below fixes the issue?
>
> Regards,
> Lorenzo
>
> diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c
> index b88959ef38aa..5e5c7bf51174 100644
> --- a/drivers/net/wireless/mediatek/mt76/usb.c
> +++ b/drivers/net/wireless/mediatek/mt76/usb.c
> @@ -706,6 +706,7 @@ mt76u_free_rx_queue(struct mt76_dev *dev, struct mt76_queue *q)
> q->entry[i].urb = NULL;
> }
> page_pool_destroy(q->page_pool);
> + q->page_pool = NULL;
> }
>
> static void mt76u_free_rx(struct mt76_dev *dev)
>
>

Thanks, with this patch use-after-free issue gone.

Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov@xxxxxxxxx>

--
Best Regards,
Mike Gavrilov.