Re: [PATCH v2] net/rds: Fix a use after free in rds_message_map_pages

Hello: This patch was applied to netdev/net.git (refs/heads/master): On Tue, 30 Mar 2021 18:59:59 -0700 you wrote: > In rds_message_map_pages, the rm is freed by rds_message_put(rm). > But rm is still used by rm->data.op_sg in return value. > > My patch assigns ERR_CAST(rm->data.op_sg) to err be

Re: [PATCH v2] net/rds: Fix a use after free in rds_message_map_pages

> On 31 Mar 2021, at 03:59, Lv Yunlong wrote: > > In rds_message_map_pages, the rm is freed by rds_message_put(rm). > But rm is still used by rm->data.op_sg in return value. > > My patch assigns ERR_CAST(rm->data.op_sg) to err before the rm is > freed to avoid the uaf. > > Fixes: 7dba92037baf

[PATCH v2] net/rds: Fix a use after free in rds_message_map_pages

In rds_message_map_pages, the rm is freed by rds_message_put(rm). But rm is still used by rm->data.op_sg in return value. My patch assigns ERR_CAST(rm->data.op_sg) to err before the rm is freed to avoid the uaf. Fixes: 7dba92037baf3 ("net/rds: Use ERR_PTR for rds_message_alloc_sgs()") Signed-off-