Re: [PATCH] RDMA/rxe: Fix use-after-free of netdev in smc_ib_port_event_work

Next message: Andy Shevchenko: "Re: [PATCH v3] iio: accel: bmc150: use guard(mutex) for mutex handling"
Previous message: Lorenzo Stoakes: "Re: [PATCH mm-unstable v19 10/14] mm/khugepaged: introduce collapse_possible_orders helper functions"
In reply to: Zhu Yanjun: "Re: [PATCH] RDMA/rxe: Fix use-after-free of netdev in smc_ib_port_event_work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Fri Jun 05 2026 - 13:56:09 EST

On Wed, Jun 03, 2026 at 06:09:19AM -0400, Jordan Walters wrote:
> @@ -663,6 +663,7 @@ void rxe_net_del(struct ib_device *dev)
> if (sk)
> rxe_sock_put(sk, rxe_ns_pernet_set_sk6, net);
>
> + ib_device_set_netdev(dev, NULL, 1);
> dev_put(ndev);

None of how rxe is handling the netdev seems to be correct at all.

The affiliated netdev of an IB device cannot be unrefed until the ib
device itself is destroyed, the above is just more racy wrongness even
if it makes the splat go away.

rxe_net_del() needs to be deleted, not patched.

I'm getting very fed up with all this RXE garbage, it has got a lot
worse lately with all these attempts to "improve" it and I don't want
to be looking at this endless stream of bugs reports.

and zhu don't send me any more AI written emails.

Jason