projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a150615) | patch
net: possible use after free in dst_release
authorFrancesco Ruggeri <fruggeri@aristanetworks.com>
Wed, 6 Jan 2016 08:18:48 +0000 (00:18 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jan 2016 05:49:34 +0000 (21:49 -0800)
commit439af14e3bc177dedd4e5b96c8ca17de5480c6cf
treedaa941a7f86f2c97de7d78c07009909418159382tree | snapshot (tar.gz zip)
parenta15061500d6a7290c03c8aae5863835865bf8312commit | diff
net: possible use after free in dst_release

[ Upstream commit 07a5d38453599052aff0877b16bb9c1585f08609 ]

dst_release should not access dst->flags after decrementing
__refcnt to 0. The dst_entry may be in dst_busy_list and
dst_gc_task may dst_destroy it before dst_release gets a chance
to access dst->flags.

Fixes: d69bbf88c8d0 ("net: fix a race in dst_release()")
Fixes: 27b75c95f10d ("net: avoid RCU for NOCACHE dst")
Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/core/dst.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)