Google Git
Sign in
gem5/arm/linux/ad65a2f05695aced349e308193c6e2a6b1d87112^!/.
commit
ad65a2f05695aced349e308193c6e2a6b1d87112
[log]
author
Wei Wang <weiwan@google.com>
Sat Jun 17 10:42:35 2017 -0700
committer
David S. Miller <davem@davemloft.net>
Sat Jun 17 22:54:00 2017 -0400
tree
bc94ee3f9f25c990ffd1c8367a9c081289648c27
parent
9514528d92d4cbe086499322370155ed69f5d06c [diff]
ipv6: call dst_hold_safe() properly

Similar as ipv4, ipv6 path also needs to call dst_hold_safe() when
necessary to avoid double free issue on the dst.

Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 0aa36b0..2a63977 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c

@@ -5576,8 +5576,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
 				ip6_del_rt(rt);
 		}
 		if (ifp->rt) {
-			dst_hold(&ifp->rt->dst);
-			ip6_del_rt(ifp->rt);
+			if (dst_hold_safe(&ifp->rt->dst))
+				ip6_del_rt(ifp->rt);
 		}
 		rt_genid_bump_ipv6(net);
 		break;

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 908b711..c52c519 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c

@@ -1366,8 +1366,8 @@ static void ip6_link_failure(struct sk_buff *skb)
 	rt = (struct rt6_info *) skb_dst(skb);
 	if (rt) {
 		if (rt->rt6i_flags & RTF_CACHE) {
-			dst_hold(&rt->dst);
-			ip6_del_rt(rt);
+			if (dst_hold_safe(&rt->dst))
+				ip6_del_rt(rt);
 		} else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT)) {
 			rt->rt6i_node->fn_sernum = -1;
 		}