Re: [PATCH] Fix infinite loop on dev_mc_unsync()

From: Patrick McHardy [EMAIL PROTECTED] Date: Sat, 10 Nov 2007 01:13:42 +0100 Joe Perches wrote: On Sat, 2007-11-10 at 00:12 +0100, Patrick McHardy wrote: This may cause a use-after-free since __dev_addr_delete frees the address when all references are gone. How about a

[PATCH] Fix infinite loop on dev_mc_unsync()

While reviewing net/core/dev_mcast.c I found what I think is an infinite loop on dev_mc_unsync(). This fixes it. We make use of this guy on mac80211 in ieee80211_stop(). This is untested. Signed-off-by: Luis R. Rodriguez [EMAIL PROTECTED] diff --git a/net/core/dev_mcast.c b/net/core/dev_mcast.c

Re: [PATCH] Fix infinite loop on dev_mc_unsync()

Sorry, forgot to CC David. On Fri, Nov 09, 2007 at 10:11:35AM -0500, Luis R. Rodriguez wrote: While reviewing net/core/dev_mcast.c I found what I think is an infinite loop on dev_mc_unsync(). This fixes it. We make use of this guy on mac80211 in ieee80211_stop(). This is untested.

Re: [PATCH] Fix infinite loop on dev_mc_unsync()

On Fri, 2007-11-09 at 13:51 -0500, Luis R. Rodriguez wrote: While reviewing net/core/dev_mcast.c I found what I think is an infinite loop on dev_mc_unsync(). This fixes it. We make use of this guy on mac80211 in ieee80211_stop(). This is untested. Signed-off-by: Luis R. Rodriguez [EMAIL

Re: [PATCH] Fix infinite loop on dev_mc_unsync()

On Fri, Nov 09, 2007 at 11:07:16AM -0800, Joe Perches wrote: On Fri, 2007-11-09 at 13:51 -0500, Luis R. Rodriguez wrote: While reviewing net/core/dev_mcast.c I found what I think is an infinite loop on dev_mc_unsync(). This fixes it. We make use of this guy on mac80211 in ieee80211_stop().

Re: [PATCH] Fix infinite loop on dev_mc_unsync()

Luis R. Rodriguez wrote: diff --git a/net/core/dev_mcast.c b/net/core/dev_mcast.c index 15241cf..2aea8e1 100644 --- a/net/core/dev_mcast.c +++ b/net/core/dev_mcast.c @@ -160,14 +160,12 @@ EXPORT_SYMBOL(dev_mc_sync); */ void dev_mc_unsync(struct net_device *to, struct net_device *from) { -

Re: [PATCH] Fix infinite loop on dev_mc_unsync()

On Sat, 2007-11-10 at 00:12 +0100, Patrick McHardy wrote: This may cause a use-after-free since __dev_addr_delete frees the address when all references are gone. How about a comment then? Perhaps: diff --git a/net/core/dev_mcast.c b/net/core/dev_mcast.c index ae35405..63576aa 100644 ---

Re: [PATCH] Fix infinite loop on dev_mc_unsync()

Joe Perches wrote: On Sat, 2007-11-10 at 00:12 +0100, Patrick McHardy wrote: This may cause a use-after-free since __dev_addr_delete frees the address when all references are gone. How about a comment then? Perhaps: diff --git a/net/core/dev_mcast.c b/net/core/dev_mcast.c index