From 799bac5512188522213e2d7eb78ca7094dfdf30c Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sat, 24 Apr 2021 09:32:35 -0700 Subject: [PATCH] Revert "net/rds: Avoid potential use after free in rds_send_remove_from_sock" This reverts commit 0c85a7e87465f2d4cbc768e245f4f45b2f299b05. The games with 'rm' are on (two separate instances) of a local variable, and make no difference. Quoting Aditya Pakki: "I was the author of the patch and it was the cause of the giant UMN revert. The patch is garbage and I was unaware of the steps involved in retracting it. I *believed* the maintainers would pull it, given it was already under Greg's list. The patch does not introduce any bugs but is pointless and is stupid. I accept my incompetence and for not requesting a revert earlier." Link: https://lwn.net/Articles/854319/ Requested-by: Aditya Pakki Cc: Santosh Shilimkar Cc: David S. Miller Cc: Al Viro Signed-off-by: Linus Torvalds --- net/rds/message.c | 1 - net/rds/send.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/net/rds/message.c b/net/rds/message.c index 4fc66ff0f1ec..799034e0f513 100644 --- a/net/rds/message.c +++ b/net/rds/message.c @@ -180,7 +180,6 @@ void rds_message_put(struct rds_message *rm) rds_message_purge(rm); kfree(rm); - rm = NULL; } } EXPORT_SYMBOL_GPL(rds_message_put); diff --git a/net/rds/send.c b/net/rds/send.c index fe5264b9d4b3..985d0b7713ac 100644 --- a/net/rds/send.c +++ b/net/rds/send.c @@ -665,7 +665,7 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status) unlock_and_drop: spin_unlock_irqrestore(&rm->m_rs_lock, flags); rds_message_put(rm); - if (was_on_sock && rm) + if (was_on_sock) rds_message_put(rm); }