From: Eric Dumazet Date: Fri, 8 Feb 2013 20:10:49 +0000 (+0000) Subject: veth: fix NULL dereference in veth_dellink() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f45a5c267da35174e22cec955093a7513dc1623d;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git veth: fix NULL dereference in veth_dellink() commit d0e2c55e7c940 (veth: avoid a NULL deref in veth_stats_one) added another NULL deref in veth_dellink(). # ip link add name veth1 type veth peer name veth0 # rmmod veth We crash because veth_dellink() is called twice, so we must take care of NULL peer. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- diff --git a/drivers/net/veth.c b/drivers/net/veth.c index e1da42aaf9de..07a4af0aa3dc 100644 --- a/drivers/net/veth.c +++ b/drivers/net/veth.c @@ -426,12 +426,13 @@ static void veth_dellink(struct net_device *dev, struct list_head *head) * not being freed before one RCU grace period. */ RCU_INIT_POINTER(priv->peer, NULL); - - priv = netdev_priv(peer); - RCU_INIT_POINTER(priv->peer, NULL); - unregister_netdevice_queue(dev, head); - unregister_netdevice_queue(peer, head); + + if (peer) { + priv = netdev_priv(peer); + RCU_INIT_POINTER(priv->peer, NULL); + unregister_netdevice_queue(peer, head); + } } static const struct nla_policy veth_policy[VETH_INFO_MAX + 1] = {
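Review bot: The new `if (peer)` guard carries no comment saying when `peer` can be NULL, and the existing comment above it only covers the RCU grace period. Going by the commit message, rmmod calls veth_dellink() twice, and the lines in this hunk clear `priv->peer` on both ends during the first call, so the second call presumably reads NULL. A line such as `/* peer is NULL if the other end already ran dellink and cleared our pointer */` above the guard would keep a later cleanup from dropping the check and reintroducing the crash. The second call still reaches `unregister_netdevice_queue(dev, head)` for a device the first call already queued, so the fix appears to rely on that helper tolerating a repeat; this is worth confirming, since the helper is not visible here. The load of `peer` and the start of veth_dellink() are outside the hunk.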