Re: [IPv6] crashed when __ip6_del_rt()

From: YOSHIFUJI Hideaki
Date: Tue Dec 18 2012 - 07:05:00 EST


stanley zhou wrote:

> When calling write_lock_bh(), table is NULL, which causes a crash in __ip6_del_rt().
> Kernel version is 2.6.30.10
:
> static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info)
> {
> int err;
> struct fib6_table *table;
> struct net *net = dev_net(rt->rt6i_dev);
>
> if (rt == net->ipv6.ip6_null_entry) {
> +++err = -ENOENT;
> +++goto out;
> --- return -ENOENT;
> }
>
> table = rt->rt6i_table;
> write_lock_bh(&table->tb6_lock);
> err = fib6_del(rt, info);
> write_unlock_bh(&table->tb6_lock);
> +++out:
> dst_release(&rt->u.dst);
> return err;
> }
>
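
Review bot: `table = rt->rt6i_table;` followed by `write_lock_bh(&table->tb6_lock);` is still reached with no NULL check for every rt other than ip6_null_entry, while the report says table is NULL at write_lock_bh(). The only behavioural change visible here is that the ip6_null_entry case now jumps to `out:` and goes through dst_release() instead of returning directly. That changes reference handling on a path that never reaches the lock, so it does not by itself explain or prevent a NULL table at the lock. Please state which rt has the NULL rt6i_table when the crash occurs, and either explain why rt6i_table cannot be NULL for a non-null-entry route or add a check before taking the lock that sets err and jumps to `out:`. The `+++`/`---` line prefixes are also not unified diff format, so the change cannot be applied as posted; please resend it as a proper diff against the tree.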

I think this is what commit 6825a26c ("ipv6: release reference of
ip6_null_entry's dst entry in __ip6_del_rt") by Gao feng
<gaofeng@xxxxxxxxxxxxxx> does, which is already in v3.7.

Are you suggesting that we should have this in -stable tree as well?

--yoshfuji

