From: Cong Wang
Date: Mon, 24 Jul 2017 10:07:32 -0700
There are multiple reports showing we have a use-after-free in
the timer prb_retire_rx_blk_timer_expired(), where we use struct
tpacket_kbdq_core::pkbdq, a pg_vec, after it gets freed by
free_pg_vec().

The interesting part is it is not freed via packet_release() but
via packet_setsockopt(), which