| To: | Thomas Graf <tgraf@xxxxxxx> |
|---|---|
| Subject: | Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy |
| From: | Patrick McHardy <kaber@xxxxxxxxx> |
| Date: | Thu, 16 Sep 2004 16:58:26 +0200 |
| Cc: | "David S. Miller" <davem@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx |
| In-reply-to: | <20040916140943.GC27293@xxxxxxxxxxxxxx> |
| References: | <20040916132856.GA27293@xxxxxxxxxxxxxx> <4149998C.6060501@xxxxxxxxx> <20040916140943.GC27293@xxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5 |
Thomas Graf wrote: * Patrick McHardy <4149998C.6060501@xxxxxxxxx> 2004-09-16 15:47I don't see how there can be slab corruption. qdisc_put_rtab only calls kfree if the table is found in qdisc_rtab_list, which only happens once. But the patch is still fine as cleanup :)On second call to qdisc_put_rtab with tab pointing to an already freed qdisc_rate_table: sch_api.c:271: if (!tab || --tab->refcnt) You're right, no double free but accessing and modifying of freed memory. Regards Patrick |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: The ultimate TOE design, Leonid Grossman |
|---|---|
| Next by Date: | Re: Kernel connector - userspace <-> kernelspace "linker"., Evgeniy Polyakov |
| Previous by Thread: | Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy, Thomas Graf |
| Next by Thread: | Re: [PATCH 2.6 NET] Fixes slab corruption in cbq_destroy, Thomas Graf |
| Indexes: | [Date] [Thread] [Top] [All Lists] |