netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy

from [Patrick McHardy] [Permanent Link][Original]
To: Thomas Graf <tgraf@xxxxxxx>
Subject: Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Thu, 16 Sep 2004 16:58:26 +0200
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20040916140943.GC27293@postel.suug.ch>
References: <20040916132856.GA27293@postel.suug.ch> <4149998C.6060501@trash.net> <20040916140943.GC27293@postel.suug.ch>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5 
Thomas Graf wrote:

* Patrick McHardy <4149998C.6060501@xxxxxxxxx> 2004-09-16 15:47


I don't see how there can be slab corruption. qdisc_put_rtab only
calls kfree if the table is found in qdisc_rtab_list, which only
happens once. But the patch is still fine as cleanup :)



On second call to qdisc_put_rtab with tab pointing to an already
freed qdisc_rate_table:

sch_api.c:271: if (!tab || --tab->refcnt)


You're right, no double free but accessing and modifying of freed memory.

Regards
Patrick


[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: The ultimate TOE design, Leonid Grossman
Next by Date:  Re: Kernel connector - userspace <-> kernelspace "linker"., Evgeniy Polyakov
Previous by Thread:  Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy, Thomas Graf
Next by Thread:  Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy, Thomas Graf
Indexes:  [Date] [Thread] [Top] [All Lists]