| Message ID | 1284131774.24675.46.camel@edumazet-laptop |
|---|---|
| State | RFC, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Eric Dumazet <eric.dumazet@gmail.com> Date: Fri, 10 Sep 2010 17:16:14 +0200 > Le vendredi 10 septembre 2010 à 16:57 +0200, Nicolas Dichtel a écrit : > >> Is this not true in IPv6? What is the difference? > > It might be a bug on ipv6, who knows ? > > Releasing a reference count, but not setting idev->dev to NULL is > a sign something is wrong... If anything this is more of a BUG trap than a true correctness patch, but either way if you want me to apply this please formally submit this with a proper commit message and signoff, thanks! > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index 5bc893e..26e39bc 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -330,6 +330,7 @@ void in6_dev_finish_destroy(struct inet6_dev *idev) > printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL"); > #endif > dev_put(dev); > + idev->dev = NULL; > if (!idev->dead) { > pr_warning("Freeing alive inet6 device %p\n", idev); > return; > > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le mardi 14 septembre 2010 à 13:45 -0700, David Miller a écrit : > From: Eric Dumazet <eric.dumazet@gmail.com> > Date: Fri, 10 Sep 2010 17:16:14 +0200 > > > Le vendredi 10 septembre 2010 à 16:57 +0200, Nicolas Dichtel a écrit : > > > >> Is this not true in IPv6? What is the difference? > > > > It might be a bug on ipv6, who knows ? > > > > Releasing a reference count, but not setting idev->dev to NULL is > > a sign something is wrong... > > If anything this is more of a BUG trap than a true correctness patch, > but either way if you want me to apply this please formally submit > this with a proper commit message and signoff, thanks! This was not a patch for inclusion, this was to show my point. I suspect this will trigger NULL dereference at some points later... I do think a correct patch would be to change ipv6 to mimic ipv4 way of course. I'll take a look at this later. Thanks -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 5bc893e..26e39bc 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -330,6 +330,7 @@ void in6_dev_finish_destroy(struct inet6_dev *idev) printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL"); #endif dev_put(dev); + idev->dev = NULL; if (!idev->dead) { pr_warning("Freeing alive inet6 device %p\n", idev); return;
Le vendredi 10 septembre 2010 à 16:57 +0200, Nicolas Dichtel a écrit : > Is this not true in IPv6? What is the difference? It might be a bug on ipv6, who knows ? Releasing a reference count, but not setting idev->dev to NULL is a sign something is wrong... -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html