Searched hist:d5cd92448fded12c91f7574e49747c5f7d975a8d (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/drivers/net/ |
H A D | macvlan.c | diff d5cd92448fded12c91f7574e49747c5f7d975a8d Mon Mar 21 20:22:22 CDT 2011 Eric W. Biederman <ebiederm@aristanetworks.com> macvlan: Fix use after free of struct macvlan_port.
When the macvlan driver was extended to call unregisgter_netdevice_queue in 23289a37e2b127dfc4de1313fba15bb4c9f0cd5b, a use after free of struct macvlan_port was introduced. The code in dellink relied on unregister_netdevice actually unregistering the net device so it would be safe to free macvlan_port.
Since unregister_netdevice_queue can just queue up the unregister instead of performing the unregiser immediately we free the macvlan_port too soon and then the code in macvlan_stop removes the macaddress for the set of macaddress to listen for and uses memory that has already been freed.
To fix this add a reference count to track when it is safe to free the macvlan_port and move the call of macvlan_port_destroy into macvlan_uninit which is guaranteed to be called after the final macvlan_port_close.
Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|