SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Patrick McHardy <kaber@trash.net>
	Mon, 21 Jan 2008 01:25:14 +0000 (17:25 -0800)
committer	David S. Miller <davem@davemloft.net>
	Mon, 21 Jan 2008 04:31:45 +0000 (20:31 -0800)
commit	68365458a4252fa993b91a00f7a0b18fed399f0d
tree	824b1f32ba3b955c018626127602c365f986ccfc	tree \| snapshot
parent	d4782c323d10d3698b71b6a6b3c7bdad33824658	commit \| diff

[NET]: rtnl_link: fix use-after-free

When unregistering the rtnl_link_ops, all existing devices using
the ops are destroyed. With nested devices this may lead to a
use-after-free despite the use of for_each_netdev_safe() in case
the upper device is next in the device list and is destroyed
by the NETDEV_UNREGISTER notifier.

The easy fix is to restart scanning the device list after removing
a device. Alternatively we could add new devices to the front of
the list to avoid having dependant devices follow the device they
depend on. A third option would be to only restart scanning if
dev->iflink of the next device matches dev->ifindex of the current
one. For now this seems like the safest solution.

With this patch, the veth rtnl_link_ops unregistration can use
rtnl_link_unregister() directly since it now also handles destruction
of multiple devices at once.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/veth.c		diff \| blob \| history
net/core/rtnetlink.c		diff \| blob \| history