Re: [PATCH net] macvtap: fix use after free for skb_array during release

From: David Miller
Date: Thu Aug 11 2016 - 12:56:28 EST

Next message: Joshua Clayton: "[PATCH 1/1] sbs-battery: add ability to get battery capacity"
Previous message: Linus Torvalds: "Re: [LKP] [lkp] [xfs] 68a9f5e700: aim7.jobs-per-min -13.6% regression"
In reply to: Jason Wang: "[PATCH net] macvtap: fix use after free for skb_array during release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Wang <jasowang@xxxxxxxxxx>
Date: Thu, 11 Aug 2016 18:15:56 +0800

> We've clean skb_array in macvtap_put_queue() but still try to pop from
> it during macvtap_sock_destruct(). Fix this use after free by moving
> the skb array cleanup to macvtap_sock_destruct() instead.
>
> Fixes: 362899b8725b ("macvtap: switch to use skb array")
> Reported-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
> Tested-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
> Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

Applied, thanks for fixing this so quickly Jason.

Next message: Joshua Clayton: "[PATCH 1/1] sbs-battery: add ability to get battery capacity"
Previous message: Linus Torvalds: "Re: [LKP] [lkp] [xfs] 68a9f5e700: aim7.jobs-per-min -13.6% regression"
In reply to: Jason Wang: "[PATCH net] macvtap: fix use after free for skb_array during release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]