shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-05 10:31:46 +09:00
Code Issues Packages Projects Releases Wiki Activity

act_ife: fix a potential use-after-free

Browse Source 
[ Upstream commit 6d784f1625 ]

Immediately after module_put(), user could delete this
module, so e->ops could be already freed before we call
e->ops->release().

Fix this by moving module_put() after ops->release().

Fixes: ef6980b6be ("introduce IFE action")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Cong Wang
2018-09-03 11:08:15 -07:00
committed by Greg Kroah-Hartman
parent 7fe7a0f4c5
commit a08d7ea10b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/sched/act_ife.c
View File

@@ -377,7 +377,6 @@ static void _tcf_ife_cleanup(struct tc_action *a, int bind)
struct tcf_meta_info *e, *n;
list_for_each_entry_safe(e, n, &ife->metalist, metalist) {
module_put(e->ops->owner);
list_del(&e->metalist);
if (e->metaval) {
if (e->ops->release)
@@ -385,6 +384,7 @@ static void _tcf_ife_cleanup(struct tc_action *a, int bind)
else
kfree(e->metaval);
}
module_put(e->ops->owner);
kfree(e);
}
}