Pandora Sourcecodes - pandora-kernel.git/commit

author	Eric Dumazet <eric.dumazet@gmail.com>
	Sun, 6 Jun 2010 23:48:40 +0000 (23:48 +0000)
committer	David S. Miller <davem@davemloft.net>
	Mon, 7 Jun 2010 09:57:14 +0000 (02:57 -0700)
commit	035320d54758e21227987e3aae0d46e7a04f4ddc
tree	9ad66a45ab0b0d903ebcbe435894d1fb9d5d78f5	tree \| snapshot
parent	3fd7fa4a89f0b85b9b33e922f15a2289c0fb8499	commit \| diff

ipmr: dont corrupt lists

ipmr_rules_exit() and ip6mr_rules_exit() free a list of items, but
forget to properly remove these items from list. List head is not
changed and still points to freed memory.

This can trigger a fault later when icmpv6_sk_exit() is called.

Fix is to either reinit list, or use list_del() to properly remove items
from list before freeing them.

bugzilla report : https://bugzilla.kernel.org/show_bug.cgi?id=16120

Introduced by commit d1db275dd3f6e4 (ipv6: ip6mr: support multiple
tables) and commit f0ad0860d01e (ipv4: ipmr: support multiple tables)

Reported-by: Alex Zhavnerchik <alex.vizor@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/ipmr.c		diff \| blob \| history
net/ipv6/ip6mr.c		diff \| blob \| history