[PATCH 3.8 123/124] Revert "ip6tnl: fix use after free of fb_tnl_dev"
Kamal Mostafa
kamal at canonical.com
Mon Feb 10 19:41:03 UTC 2014
3.8.13.18 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
[ No relevant upstream commit. ]
This reverts commit 22c3ec552c29cf4bd4a75566088950fe57d860c4.
This patch is not the right fix, it introduces a memory leak when a netns is
destroyed (the FB device is never deleted).
Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
Reported-by: Steven Rostedt <srostedt at redhat.com>
Tested-by: Steven Rostedt <srostedt at redhat.com> (and our entire MRG team)
Tested-by: "Luis Claudio R. Goncalves" <lgoncalv at redhat.com>
Tested-by: John Kacur <jkacur at redhat.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
net/ipv6/ip6_tunnel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index fa3fe70..a953bfb 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1725,6 +1725,8 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct ip6_tnl_net *ip6n)
}
}
+ t = rtnl_dereference(ip6n->tnls_wc[0]);
+ unregister_netdevice_queue(t->dev, &list);
unregister_netdevice_many(&list);
}
--
1.8.3.2
More information about the kernel-team
mailing list