projects
/
GitHub
/
LineageOS
/
android_kernel_motorola_exynos9610.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
715448f
)
veth: fix NULL dereference in veth_dellink()
author
Eric Dumazet
<edumazet@google.com>
Fri, 8 Feb 2013 20:10:49 +0000
(20:10 +0000)
committer
David S. Miller
<davem@davemloft.net>
Mon, 11 Feb 2013 01:41:43 +0000
(20:41 -0500)
commit
d0e2c55e7c940
(veth: avoid a NULL deref in veth_stats_one)
added another NULL deref in veth_dellink().
# ip link add name veth1 type veth peer name veth0
# rmmod veth
We crash because veth_dellink() is called twice, so we must
take care of NULL peer.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/veth.c
patch
|
blob
|
blame
|
history
diff --git
a/drivers/net/veth.c
b/drivers/net/veth.c
index e1da42aaf9de94891e6bff691b129c2e362334fd..07a4af0aa3dcda800a9527e3ba01d9f65ea3feec 100644
(file)
--- a/
drivers/net/veth.c
+++ b/
drivers/net/veth.c
@@
-426,12
+426,13
@@
static void veth_dellink(struct net_device *dev, struct list_head *head)
* not being freed before one RCU grace period.
*/
RCU_INIT_POINTER(priv->peer, NULL);
-
- priv = netdev_priv(peer);
- RCU_INIT_POINTER(priv->peer, NULL);
-
unregister_netdevice_queue(dev, head);
- unregister_netdevice_queue(peer, head);
+
+ if (peer) {
+ priv = netdev_priv(peer);
+ RCU_INIT_POINTER(priv->peer, NULL);
+ unregister_netdevice_queue(peer, head);
+ }
}
static const struct nla_policy veth_policy[VETH_INFO_MAX + 1] = {