[precise][sru][PATCH 5/5] veth: fix NULL dereference in veth_dellink()
Chris J Arges
chris.j.arges at canonical.com
Tue Mar 25 21:03:07 UTC 2014
From: Eric Dumazet <edumazet at google.com>
BugLink: http://bugs.launchpad.net/bugs/1201869
commit d0e2c55e7c940 (veth: avoid a NULL deref in veth_stats_one)
added another NULL deref in veth_dellink().
We crash because veth_dellink() is called twice, so we must
take care of NULL peer.
Signed-off-by: Eric Dumazet <edumazet at google.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit f45a5c267da35174e22cec955093a7513dc1623d)
Signed-off-by: Chris J Arges <chris.j.arges at canonical.com>
---
drivers/net/veth.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index e093646..3634032 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -423,12 +423,13 @@ static void veth_dellink(struct net_device *dev, struct list_head *head)
* not being freed before one RCU grace period.
*/
RCU_INIT_POINTER(priv->peer, NULL);
-
- priv = netdev_priv(peer);
- RCU_INIT_POINTER(priv->peer, NULL);
-
unregister_netdevice_queue(dev, head);
- unregister_netdevice_queue(peer, head);
+
+ if (peer) {
+ priv = netdev_priv(peer);
+ RCU_INIT_POINTER(priv->peer, NULL);
+ unregister_netdevice_queue(peer, head);
+ }
}
static const struct nla_policy veth_policy[VETH_INFO_MAX + 1] = {
--
1.7.9.5
More information about the kernel-team
mailing list