On Wednesday 05 April 2006 18:43, Roland Dreier wrote: > Michael> Not sure I read you. It'd still be use after free, won't it? > > It's definitely a bug. But it doesn't explain the specific oops we > saw. In other words, doing: > > kfree(mcast); > dev = mcast->dev; > > shouldn't cause an oops, because mcast is still a valid kernel > pointer, even if the memory it points to might be reused and > corrupted. Following the dev pointer after that snippet might cause > an oops, because it might be overwritten. >
The reason for that is probably because I am using a custom kernel compiled with 'Debug memory allocations' which poisons freed memory. _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
