Re: [PATCH net] ipvlan: fix use after free of skb

From: Sabrina Dubroca Date: Mon, 16 Nov 2015 22:44:53 +0100 > ipvlan_handle_frame is a rx_handler, and when it returns a value other > than RX_HANDLER_CONSUMED (here, NET_RX_DROP aka RX_HANDLER_ANOTHER), > __netif_receive_skb_core expects that the skb still exists and will

[PATCH net] ipvlan: fix use after free of skb

ipvlan_handle_frame is a rx_handler, and when it returns a value other than RX_HANDLER_CONSUMED (here, NET_RX_DROP aka RX_HANDLER_ANOTHER), __netif_receive_skb_core expects that the skb still exists and will process it further, but we just freed it. Fixes: 2ad7bf363841 ("ipvlan: Initial check-in