• David Howells's avatar
    rxrpc: Fix a couple of potential use-after-frees · 0e50d999
    David Howells authored
    At the end of rxrpc_recvmsg(), if a call is found, the call is put and then
    a trace line is emitted referencing that call in a couple of places - but
    the call may have been deallocated by the time those traces happen.
    
    Fix this by stashing the call debug_id in a variable and passing that to
    the tracepoint rather than the call pointer.
    
    Fixes: 84997905 ("rxrpc: Add a tracepoint to follow what recvmsg does")
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    cc: Marc Dionne <marc.dionne@auristor.com>
    cc: linux-afs@lists.infradead.org
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    0e50d999
recvmsg.c 16.3 KB