Re: [2.6.33-rc5 regression] NULL pointer dereference in vlan_skb_recv- probably introduced by commit 9793241fe92f7d9303fb221e43fc598eb065f267

From: Eric Dumazet
Date: Sun Jan 24 2010 - 11:26:51 EST


Le 24/01/2010 16:25, Bruno PrÃmont a Ãcrit :
>
> In addition to previous mail, I'm also dumping the result of
> vlan_dev_info(dev) shows that the returned pointer is not the same
> during vlan_dev_init() and vlan_skb_recv() ...
>

>
> This might explain the NULL rx_stats pointer, but why do there exist
> two distinct vlan_dev_info(dev)? (unless in one case dev would be
> the physical network device and in the other case it would be vlan device?
> that is lan versus lan.658 in my case...)
>


Ok, I believe I found the problem :)

Please try following patch, if it works I'll submit with appropriate Changelog and signatures

Thanks


diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index b788978..c1b92ca 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -163,7 +163,7 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
goto err_unlock;
}

- rx_stats = per_cpu_ptr(vlan_dev_info(dev)->vlan_rx_stats,
+ rx_stats = per_cpu_ptr(vlan_dev_info(skb->dev)->vlan_rx_stats,
smp_processor_id());
rx_stats->rx_packets++;
rx_stats->rx_bytes += skb->len;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/