From: David Miller <davem@davemloft.net>
To: jeff@garzik.org
Cc: dlunev@gmail.com, netdev@vger.kernel.org,
	herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
	akpm@linux-foundation.org, den@openvz.org
Subject: Re: [NET] IPv6 oops bisected
Date: Sun, 07 Oct 2007 23:16:08 -0700 (PDT)
Message-ID: <20071007.231608.104667710.davem@davemloft.net>
In-Reply-To: <4708F387.1060602@garzik.org>

From: Jeff Garzik <jeff@garzik.org>
Date: Sun, 07 Oct 2007 10:56:07 -0400

> /etc/sysconfig/network-scripts/network-functions-ipv6: line 246: 1760 Killed
> 	LC_ALL=C /sbin/ip $options
> 
> 
> NULL pointer dereference at 0x000003f8
> 
> backtrace:
> :ipv6:ip6_route_add+0x1b1/0x543

'dev' can be NULL in that code branch of ip6_route_add(),
yet we're dereferencing it to get dev->nd_net.

 	if ((cfg->fc_flags & RTF_REJECT) ||
 	    (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) {
 		/* hold loopback dev/idev if we haven't done so. */
-		if (dev != init_net.loopback_dev) {
+		if (dev != dev->nd_net->loopback_dev) {
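
Review bot: the `+` line reads dev->nd_net with no NULL test, although the enclosing condition can be true through `cfg->fc_flags & RTF_REJECT` alone, and the `dev &&` guard in its second disjunct shows dev is allowed to be NULL at this point. The replaced comparison against `init_net.loopback_dev` never dereferenced dev, so the NULL case that used to be harmless now faults. The comparison needs a `!dev ||` in front of it, or the namespace has to come from something other than dev.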

I'll add the appropriate check for NULL as follows:

commit b3c1427c21f9bac4ceaa02e875f3b2c9a5592132
Author: David S. Miller <davem@sunset.davemloft.net>
Date:   Sun Oct 7 23:15:56 2007 -0700

    [IPV6]: Fix OOPS introduced by 5f5dace1ce001b24fb8286e09ffd3c4d2b547e09.
    
    In ip6_add_route(), 'dev' can be NULL, so check that before
    we try to deref dev->nd_net.
    
    Based upon a crash report by Jeff Garzik.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index a7db84c..7109ad6 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1188,7 +1188,7 @@ int ip6_route_add(struct fib6_config *cfg)
 	if ((cfg->fc_flags & RTF_REJECT) ||
 	    (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) {
 		/* hold loopback dev/idev if we haven't done so. */
-		if (dev != dev->nd_net->loopback_dev) {
+		if (!dev || (dev != dev->nd_net->loopback_dev)) {
 			if (dev) {
 				dev_put(dev);
 				in6_dev_put(idev);
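
Review bot: the `!dev ||` added on the `+` line only protects the condition itself; with dev NULL the branch is still entered and the inner `if (dev)` skips the two puts, so the statements after that inner block (not visible in this hunk) must not go back to dev->nd_net to pick the loopback device. Please confirm that the assignment following the inner block takes the namespace from a source that is valid when dev is NULL, otherwise the same dereference just moves a few lines down. Separately, the commit message names ip6_add_route() while the hunk header shows ip6_route_add(); matching the real function name would make the log easier to search.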
