On Thu, Jul 31, 2025 at 02:57:31PM +0200, Alexandra Winter wrote:

On 31.07.25 10:42, D. Wythe wrote:

quoted

BPF CI testing report a UAF issue:

[..]

quoted

Fixes: 3b2dec2603d5 ("net/smc: restructure client and server code in af_smc")
Signed-off-by: D. Wythe <alibuda@linux.alibaba.com>
Reviewed-by: Guangguan Wang <redacted>
---
 net/smc/af_smc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 1882bab8e00e..dc72ff353813 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c

@@ -2568,8 +2568,9 @@ static void smc_listen_work(struct work_struct *work)
 			goto out_decl;
 	}
 
-	smc_listen_out_connected(new_smc);
 	SMC_STAT_SERV_SUCC_INC(sock_net(newclcsock->sk), ini);
+	/* smc_listen_out() will release smcsk */
+	smc_listen_out_connected(new_smc);
 	goto out_free;
 
 out_unlock:

As this is a problem fix, you could send it directly to 'net'
instead of including it to this series.

Hi Alexandra,

Yes, it should be sent to net. But the problem is that if I don't carry
this patch, the BPF CI test will always crash. Maybe I should send a
copy to both net and bpf-next? Do you have any suggestions?

Best wishes,
D. Wythe

Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>