aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Oester <kernel@linuxace.com>2008-03-21 15:01:50 -0700
committerDavid S. Miller <davem@davemloft.net>2008-03-21 15:01:50 -0700
commit12b101555f4a67db67a66966a516075bd477741f (patch)
tree940f5aab5d774a7265ffa47977ab1cad8e3bcc6b
parent94833dfb8c98ed4ca1944dd2c1339d88a2d1c758 (diff)
downloadkernel_goldelico_gta04-12b101555f4a67db67a66966a516075bd477741f.zip
kernel_goldelico_gta04-12b101555f4a67db67a66966a516075bd477741f.tar.gz
kernel_goldelico_gta04-12b101555f4a67db67a66966a516075bd477741f.tar.bz2
[IPV4]: Fix null dereference in ip_defrag
Been seeing occasional panics in my testing of 2.6.25-rc in ip_defrag. Offending line in ip_defrag is here: net = skb->dev->nd_net where dev is NULL. Bisected the problem down to commit ac18e7509e7df327e30d6e073a787d922eaf211d ([NETNS][FRAGS]: Make the inet_frag_queue lookup work in namespaces). Below patch (idea from Patrick McHardy) fixes the problem for me. Signed-off-by: Phil Oester <kernel@linuxace.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/ip_fragment.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index a2e92f9..3b2e5ad 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -568,7 +568,7 @@ int ip_defrag(struct sk_buff *skb, u32 user)
IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
- net = skb->dev->nd_net;
+ net = skb->dev ? skb->dev->nd_net : skb->dst->dev->nd_net;
/* Start by cleaning up the memory. */
if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh)
ip_evictor(net);