From: David Miller
Subject: Re: [PATCH net 0/2] NULL pointer dereference in {ipvlan|macvlan}_port_destroy
Date: Fri, 03 Nov 2017 14:05:11 +0900 (KST)
Message-ID: <20171103.140511.953424236476363454.davem@davemloft.net>
In-Reply-To: <1509467987-20050-1-git-send-email-girish.moodalbail@oracle.com>
To: girish.moodalbail@oracle.com
Cc: netdev@vger.kernel.org

From: Girish Moodalbail
Date: Tue, 31 Oct 2017 09:39:45 -0700

> When call to register_netdevice() (called from ipvlan_link_new())
> fails, inside that function we call ipvlan_uninit() (through
> ndo_uninit()) to destroy the ipvlan port. Upon returning
> unsuccessfully from register_netdevice() we go ahead and call
> ipvlan_port_destroy() again which causes NULL pointer dereference
> panic.

The problem is that ipvlan doesn't follow the proper convention
that ->ndo_uninit() must only release resources allocated by
->ndo_init().

What needs to happen is that the port allocation occur in
->ndo_init().

Your fix, while solving some cases, does not fully cover all of the
possibilities due to this bug.

Please fix this correctly by moving the port allocation and related
setup from link creation to ->ndo_init().

Thank you.
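
Added example, not part of the original e-mail and not ipvlan code: a simplified userspace C model of the init/uninit convention discussed above, showing the double destroy on the registration error path and the symmetric layout that avoids it. All names (struct lower, model_register, buggy_link_new, fixed_link_new) are hypothetical, and the port destroy is guarded so the second call is counted instead of crashing.

```c
/* Userspace model (constructed); every name here is hypothetical. */
#include <stdlib.h>

struct lower { int *port; int bad_destroys; };        /* lower (physical) device */
struct ops   { int (*init)(struct lower *); void (*uninit)(struct lower *); };

/* The kernel path dereferences the port unconditionally; this model only
 * counts a destroy with no port, i.e. the would-be NULL dereference. */
static void port_destroy(struct lower *l)
{
    if (!l->port) { l->bad_destroys++; return; }
    free(l->port);
    l->port = NULL;
}

static int port_create(struct lower *l)
{
    l->port = calloc(1, sizeof(int));
    return l->port ? 0 : -1;
}

/* Registration contract: run init; if a later step fails, call uninit to
 * undo init before returning the error. */
static int model_register(struct lower *l, const struct ops *o, int fail_late)
{
    int err = o->init ? o->init(l) : 0;
    if (err) return err;                    /* init failed: uninit is not called */
    if (fail_late) { if (o->uninit) o->uninit(l); return -1; }
    return 0;
}

static int init_none(struct lower *l) { (void)l; return 0; }

/* Pattern from the quoted report: link creation allocates the port, uninit
 * destroys it, and the caller's error path destroys it a second time. */
int buggy_link_new(struct lower *l, int fail_late)
{
    static const struct ops o = { init_none, port_destroy };
    if (port_create(l)) return -1;
    if (model_register(l, &o, fail_late)) { port_destroy(l); return -1; }
    return 0;
}

/* Requested layout: init allocates, uninit releases, link creation does neither. */
int fixed_link_new(struct lower *l, int fail_late)
{
    static const struct ops o = { port_create, port_destroy };
    return model_register(l, &o, fail_late);
}
```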