[PATCH 2.4 NET] Fixes slab corruption in cbq_destroy

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [PATCH 2.4 NET] Fixes slab corruption in cbq_destroy
From: Thomas Graf <tgraf@xxxxxxx>
Date: Thu, 16 Sep 2004 15:31:23 +0200
Cc: Patrick McHardy <kaber@xxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
Backport of 2.6 patch:

Fixes slab corruption in cbq_destroy. cbq_destroy_filters and
qdisc_put_rtab(q->link.R_tab) are already called in cbq_destroy_class.
The latter leads to a slab corruption due to repeated freeing of
q->link.R_tab because q->link is part of q->classes.


--- linux-2.4.28-pre3-bk2.orig/net/sched/sch_cbq.c      2004-09-16 
14:59:56.000000000 +0200
+++ linux-2.4.28-pre3-bk2/net/sched/sch_cbq.c   2004-09-16 15:01:53.000000000 
+0200
@@ -1736,10 +1736,6 @@
 #ifdef CONFIG_NET_CLS_POLICE
        q->rx_class = NULL;
 #endif
-       for (h = 0; h < 16; h++) {
-               for (cl = q->classes[h]; cl; cl = cl->next)
-                       cbq_destroy_filters(cl);
-       }
 
        for (h = 0; h < 16; h++) {
                struct cbq_class *next;
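Review bot: With the first `for (h = 0; h < 16; h++)` pass removed, filter teardown no longer finishes before the first class is destroyed; it now happens class by class inside the remaining loop, in hash-bucket order. Please confirm that no filter attached to a class in a later bucket can still hold a reference to a class that was already destroyed in an earlier one. If that ordering is safe, a one-line comment above the remaining loop saying that cbq_destroy_class also destroys the class's filters would keep a later reader from re-adding the pass.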
@@ -1750,7 +1746,6 @@
                }
        }
 
-       qdisc_put_rtab(q->link.R_tab);
        MOD_DEC_USE_COUNT;
 }
 
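Review bot: Dropping `qdisc_put_rtab(q->link.R_tab);` at the end of the function is only correct as long as the destroy loop above reaches q->link through q->classes, and nothing in the code says so. Please add a short comment at this spot stating that the link class's R_tab is released via cbq_destroy_class. Since `q->link.R_tab` shows that link is embedded in q rather than allocated separately, it is also worth confirming that cbq_destroy_class does not free the class structure itself when it is handed &q->link.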
