From: [EMAIL PROTECTED]
Date: Sat, 25 Mar 2006 00:33:46 -0800

> A possible bug:
> 
>       rt_fill_info() calls ipmr_get_route().
> 
>         ipmr_get_route() calls ipmr_cache_unresolved()
> 
>           ipmr_cache_unresolved() gets an error and does kfree_skb(skb)
> 
>           ipmr_cache_unresolved() returns a -ve errno to ipmr_get_route()
> 
>         ipmr_get_route() returns the errno to rt_fill_info()
> 
>       rt_fill_info() diddles with the now-kfreed skb.

Yes, this comes up every few weeks and I keep giving the same
explanation of what needs to happen here each and every time. :)

You'll notice that ipmr_get_route() tries to use the RTNETLINK skb
passed in to send a multicast IPv4 packet out to try and resolve an
unresolved entry, which will obviously corrupt the RTNETLINK skb
(which obviously the caller didn't intend to let ipmr_get_route()
use to send an IPv4 packet out) and just about everything else.

So fixing some stray kfree_skb() here is basically pointless.  This
area of the ipmr code needs to be totally rewritten.
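The ownership problem discussed in this message, as an added userspace model that is not kernel code and not part of the original thread. All names (`msg_buf`, `resolve_reusing_caller_buf`, `resolve_with_private_buf`, `caller_damage`) are hypothetical, and the private-copy variant is one possible convention assumed for illustration, not the fix the kernel adopted.

```c
#include <stdbool.h>
#include <string.h>

/* Userspace model with hypothetical names; not kernel code. */
struct msg_buf {
    bool freed;     /* set instead of releasing memory, so misuse is observable */
    char data[32];  /* stands in for the caller's reply message */
};

static void buf_free(struct msg_buf *b) { b->freed = true; }

/* Pattern from the thread: the callee reuses the caller's buffer as an
 * outgoing packet, and frees it when queueing fails. */
static int resolve_reusing_caller_buf(struct msg_buf *b, bool queue_fails)
{
    memcpy(b->data, "IPV4-HDR", 8);   /* overwrites the caller's message */
    if (queue_fails) {
        buf_free(b);                  /* caller still holds the pointer */
        return -1;
    }
    return 0;
}

/* Assumed alternative: the callee borrows the buffer read-only and
 * builds its packet in storage it owns. */
static int resolve_with_private_buf(const struct msg_buf *b, bool queue_fails)
{
    struct msg_buf pkt = *b;          /* private copy */
    memcpy(pkt.data, "IPV4-HDR", 8);
    if (queue_fails) {
        buf_free(&pkt);               /* only the callee's copy is released */
        return -1;
    }
    return 0;
}

/* Caller-side check: bit 0 = buffer was freed, bit 1 = contents changed. */
static int caller_damage(bool reuse, bool queue_fails)
{
    struct msg_buf b = { .freed = false, .data = "RTNETLINK reply" }; /* constructed sample */
    if (reuse)
        resolve_reusing_caller_buf(&b, queue_fails);
    else
        resolve_with_private_buf(&b, queue_fails);
    return (b.freed ? 1 : 0) | (strncmp(b.data, "RTNETLINK", 9) ? 2 : 0);
}

int main(void) { return caller_damage(false, true); }
```

With the reusing callee, the caller's message is damaged even on the success path, which is why removing only the free on the error path would not make the caller's buffer safe to keep using.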