Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline)

From: Steven Rostedt
Date: Thu Mar 28 2013 - 13:44:14 EST


On Thu, 2013-03-28 at 10:29 -0700, Eric Dumazet wrote:

> Nothing :(
>
> bug introduced in commit 35d48903e9781975e823b359ee85c257c9ff5c1c
> (bonding: fix rx_handler locking)
>
> CC Jiri
>
> Fix seems simple :
>
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 6bbd90e..7956ca5 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -1457,6 +1457,8 @@ static rx_handler_result_t bond_handle_frame(struct sk_buff **pskb)
> *pskb = skb;
>
> slave = bond_slave_get_rcu(skb->dev);
> + if (!slave)
> + return ret;

Thanks! That's basically what I thought, but wanted to make sure there
wasn't some other synchronization that I may have been missing.

-- Steve

> bond = slave->bond;
>
> if (bond->params.arp_interval)
>
>
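Review bot: The early `return ret;` added after `bond_slave_get_rcu(skb->dev)` hands back whatever `ret` holds at that point, and its initialisation is not visible in this hunk. Either return an explicit rx_handler_result_t constant or state in the commit message which result the NULL-slave path returns, and add a short comment above `if (!slave)` saying when the lookup can come back NULL, since the `slave->bond` dereference right after it shows the code previously assumed it could not.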

