20:01:54 (星期一)
> 收件人: kv...@codeaurora.org, da...@davemloft.net, k...@kernel.org
> 抄送: ath...@lists.infradead.org, linux-wirel...@vger.kernel.org,
> netdev@vger.kernel.org, linux-ker...@vger.kernel.org, "Lv Yunlong"
>
> 主题: [PATCH] wireless: ath10k: Fix a use after free in ath10k_ht
In ath10k_htc_send_bundle, the bundle_skb could be freed by
dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later
by bundle_skb->len.
As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to
skb_len after the bundle_skb was freed.
Fixes: c8334512f3dd1 ("ath10k: add htt TX bund
