netdev

Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy

To: Thomas Graf <tgraf@xxxxxxx>
Subject: Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Thu, 16 Sep 2004 15:47:56 +0200
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20040916132856.GA27293@xxxxxxxxxxxxxx>
References: <20040916132856.GA27293@xxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5
Thomas Graf wrote:

Fixes slab corruption in cbq_destroy. cbq_destroy_filters and
qdisc_put_rtab(q->link.R_tab) are already called in cbq_destroy_class.
The latter led to a slab corruption due to repeated freeing of
q->link.R_tab because q->link is part of q->classes. Problem introduced
in 1.21.

I don't see how there can be slab corruption. qdisc_put_rtab only
calls kfree if the table is found in qdisc_rtab_list, which only
happens once. But the patch is still fine as cleanup :)

Regards
Patrick

Signed-off-by: Thomas Graf <tgraf@xxxxxxx>


--- linux-2.6.9-rc2-bk2.orig/net/sched/sch_cbq.c        2004-09-16 
14:52:23.000000000 +0200
+++ linux-2.6.9-rc2-bk2/net/sched/sch_cbq.c     2004-09-16 14:53:53.000000000 
+0200
@@ -1770,10 +1770,6 @@
#ifdef CONFIG_NET_CLS_POLICE
        q->rx_class = NULL;
#endif
-       for (h = 0; h < 16; h++) {
-               for (cl = q->classes[h]; cl; cl = cl->next)
-                       cbq_destroy_filters(cl);
-       }

        for (h = 0; h < 16; h++) {
                struct cbq_class *next;
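
Review bot: the pass removed at the top of this hunk ran `cbq_destroy_filters(cl)` over every class before the second loop destroyed any class, so dropping it changes teardown ordering rather than only removing a duplicate call. With filters now released only inside `cbq_destroy_class`, a class earlier in the `q->classes[h]` walk is destroyed while filters attached to classes later in the walk still exist; if a filter can refer to a class other than the one it is attached to, that leaves a stale reference. Please confirm that cannot happen, or keep this pass and skip the per-class call on this path instead, and state which in the changelog.
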
@@ -1783,8 +1779,6 @@
                        cbq_destroy_class(sch, cl);
                }
        }
-
-       qdisc_put_rtab(q->link.R_tab);
}

static void cbq_put(struct Qdisc *sch, unsigned long arg)
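
Review bot: with `qdisc_put_rtab(q->link.R_tab)` gone from the end of `cbq_destroy`, releasing the link class's rate table depends entirely on the loop above reaching `q->link` through `q->classes[]` and on `cbq_destroy_class` doing the put, neither of which is visible in this hunk. A one-line comment at the end of the function stating that dependency would keep a later change to the class walk from turning this into a leak. The changelog should also spell out the corruption path concretely, since the reply in this thread disputes that a second `qdisc_put_rtab` call reaches `kfree`.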


