From: Stanislav Kinsbursky <[email protected]>
Date: Thu, 09 Aug 2012 16:50:40 +0400

> This is a fix for a bug introduced in the 3.4 kernel by commit
> 1ab5ecb90cb6a3df1476e052f76a6e8f6511cb3d, which, among other things, replaced
> a simple sock_put() by sk_release_kernel(). Below is the sequence which leads
> to an oops for non-persistent devices:
>
> tun_chr_close()
> tun_detach() <== tun->socket.file = NULL
> tun_free_netdev()
> sk_release_sock()
> sock_release(sock->file == NULL)
> iput(SOCK_INODE(sock)) <== dereference on NULL pointer
>
> This patch just removes the zeroing of the socket's file from __tun_detach().
> sock_release() will do this.
>
> Cc: [email protected]
> Reported-by: Ruan Zhijie <[email protected]>
> Tested-by: Ruan Zhijie <[email protected]>
> Acked-by: Al Viro <[email protected]>
> Acked-by: Eric Dumazet <[email protected]>
> Acked-by: Yuchung Cheng <[email protected]>
> Signed-off-by: Stanislav Kinsbursky <[email protected]>

Applied, thanks.

