diff options
author | Minoru Usui <usui@mxm.nes.nec.co.jp> | 2009-06-02 11:17:34 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-06-02 11:17:34 +0200 |
commit | 12186be7d2e1106cede1cc728526e3d7998cbe94 (patch) | |
tree | a27e9c1cf720fbd31d67c27ea1426a0ae891733b /net/unix | |
parent | e1000: add missing length check to e1000 receive routine (diff) | |
download | linux-12186be7d2e1106cede1cc728526e3d7998cbe94.tar.xz linux-12186be7d2e1106cede1cc728526e3d7998cbe94.zip |
net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup
This patch fixes a bug which unconfigured struct tcf_proto keeps
chaining in tc_ctl_tfilter(), and avoids kernel panic in
cls_cgroup_classify() when we use cls_cgroup.
When we execute 'tc filter add', tcf_proto is allocated, initialized
by classifier's init(), and chained. After it's chained,
tc_ctl_tfilter() calls classifier's change(). When classifier's
change() fails, tc_ctl_tfilter() does not free and keeps tcf_proto.
In addition, cls_cgroup is initialized in change() not in init(). It
accesses unconfigured struct tcf_proto which is chained before
change(), then hits Oops.
Signed-off-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Tested-by: Minoru Usui <usui@mxm.nes.nec.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/unix')
0 files changed, 0 insertions, 0 deletions