[precise][sru][PATCH 5/5] veth: fix NULL dereference in veth_dellink()

[Chris J Arges]

From: Eric Dumazet <edumazet at google.com>

BugLink: http://bugs.launchpad.net/bugs/1201869

commit d0e2c55e7c940 (veth: avoid a NULL deref in veth_stats_one)
added another NULL deref in veth_dellink().

We crash because veth_dellink() is called twice, so we must
take care of NULL peer.

Signed-off-by: Eric Dumazet <edumazet at google.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit f45a5c267da35174e22cec955093a7513dc1623d)

Signed-off-by: Chris J Arges <chris.j.arges at canonical.com>
---
 drivers/net/veth.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index e093646..3634032 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -423,12 +423,13 @@ static void veth_dellink(struct net_device *dev, struct list_head *head)
 	 * not being freed before one RCU grace period.
 	 */
 	RCU_INIT_POINTER(priv->peer, NULL);
-
-	priv = netdev_priv(peer);
-	RCU_INIT_POINTER(priv->peer, NULL);
-
 	unregister_netdevice_queue(dev, head);
-	unregister_netdevice_queue(peer, head);
+
+	if (peer) {
+		priv = netdev_priv(peer);
+		RCU_INIT_POINTER(priv->peer, NULL);
+		unregister_netdevice_queue(peer, head);
+	}
 }
 
 static const struct nla_policy veth_policy[VETH_INFO_MAX + 1] = {
-- 
1.7.9.5