Commit 12b10155 authored Mar 21, 2008 by Phil Oester Committed by David S. Miller Mar 21, 2008

[IPV4]: Fix null dereference in ip_defrag



Been seeing occasional panics in my testing of 2.6.25-rc in ip_defrag.
Offending line in ip_defrag is here:

	net = skb->dev->nd_net

where dev is NULL.  Bisected the problem down to commit
ac18e750 ([NETNS][FRAGS]: Make the
inet_frag_queue lookup work in namespaces).  

Below patch (idea from Patrick McHardy) fixes the problem for me.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 94833dfb

net/ipv4/ip_fragment.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -568,7 +568,7 @@ int ip_defrag(struct sk_buff *skb, u32 user)

		IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);

		net = skb->dev->nd_net;
		net = skb->dev ? skb->dev->nd_net : skb->dst->dev->nd_net;
		/* Start by cleaning up the memory. */
		if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh)
		ip_evictor(net);