Message ID | 4FBB6105.2060808@intel.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
From: "kun.jiang" <kunx.jiang@intel.com>
Date: Tue, 22 May 2012 17:48:53 +0800

> From: Yanmin Zhang <yanmin_zhang@linux.intel.com>
>
> We hit a kernel OOPS.

...

> In function free_fib_info, we don't reset nexthop_nh->nh_dev to NULL before releasing
> nh_dev. kfree_rcu(fi, rcu) would release the whole area.
>
> Signed-off-by: Yanmin Zhang <yanmin_zhang@linux.intel.com>
> Signed-off-by: Kun Jiang <kunx.jiang@intel.com>

This isn't a fix. You're keeping around a pointer to a completely released object, which is therefore illegal to dereference. That's why we must set it to NULL, to catch such illegal accesses.
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index 5063fa3..68ea013 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -159,7 +159,6 @@ void free_fib_info(struct fib_info *fi) change_nexthops(fi) { if (nexthop_nh->nh_dev) dev_put(nexthop_nh->nh_dev); - nexthop_nh->nh_dev = NULL; } endfor_nexthops(fi); fib_info_cnt--; release_net(fi->fib_net);
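Review bot: removing `nexthop_nh->nh_dev = NULL;` from the change_nexthops(fi) loop in free_fib_info() leaves nh_dev pointing at a device whose reference dev_put() has just dropped, so any later reader of this fib_info follows a stale pointer instead of faulting on NULL. Keep the assignment. If a reader can still reach fi after free_fib_info() has run, the fix belongs in the object's lifetime handling, for example by dropping the device reference only once no reader can still see fi, and the changelog should name the code path that hit the oops.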