Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt... | netdev

[BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Steven Rostedt <rostedt@goodmis.org> · 2013-03-28
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Eric Dumazet <hidden> · 2013-03-28
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Steven Rostedt <rostedt@goodmis.org> · 2013-03-28
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Jiri Pirko <hidden> · 2013-03-29
[PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Eric Dumazet <hidden> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Steven Rostedt <rostedt@goodmis.org> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Eric Dumazet <hidden> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Ivan Vecera <ivecera@redhat.com> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Eric Dumazet <hidden> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Jiri Pirko <jiri@resnulli.us> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Eric Dumazet <hidden> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Paul E. McKenney <hidden> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · Eric Dumazet <hidden> · 2013-03-29
Re: [PATCH] net: add a synchronize_net() in netdev_rx_handler_unregister() · David Miller <davem@davemloft.net> · 2013-03-29
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Stephen Hemminger <stephen@networkplumber.org> · 2013-03-29
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Steven Rostedt <rostedt@goodmis.org> · 2013-03-29
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Steven Rostedt <rostedt@goodmis.org> · 2013-03-29
Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline) · Jiri Pirko <jiri@resnulli.us> · 2013-03-30

Re: [BUG] Crash with NULL pointer dereference in bond_handle_frame in -rt (possibly mainline)

From: Steven Rostedt <rostedt@goodmis.org>
Date: 2013-03-28 17:44:10
Also in: lkml

On Thu, 2013-03-28 at 10:29 -0700, Eric Dumazet wrote:

quoted hunk ↗ jump to hunk

Nothing :(

bug introduced in commit 35d48903e9781975e823b359ee85c257c9ff5c1c
(bonding: fix rx_handler locking)

CC Jiri

Fix seems simple :

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 6bbd90e..7956ca5 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c

@@ -1457,6 +1457,8 @@ static rx_handler_result_t bond_handle_frame(struct sk_buff **pskb)
 	*pskb = skb;
 
 	slave = bond_slave_get_rcu(skb->dev);
+	if (!slave)
+		return ret;

Thanks! That's basically what I thought, but wanted to make sure there's
wasn't some other synchronization that I may have been missing.

-- Steve

 	bond = slave->bond;
 
 	if (bond->params.arp_interval)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help