datapath: Fix use-after-free bug in dp_notify.

author Pravin B Shelar <pshelar@nicira.com>

Thu, 7 Jun 2012 22:18:17 +0000 (15:18 -0700)

committer Pravin B Shelar <pshelar@nicira.com>

Thu, 7 Jun 2012 22:18:17 +0000 (15:18 -0700)
author Pravin B Shelar <pshelar@nicira.com>
Thu, 7 Jun 2012 22:18:17 +0000 (15:18 -0700)
committer Pravin B Shelar <pshelar@nicira.com>
Thu, 7 Jun 2012 22:18:17 +0000 (15:18 -0700)
diff --git a/datapath/dp_notify.c b/datapath/dp_notify.c

index 683f624..13085d6 100644 (file)
--- a/datapath/dp_notify.c
+++ b/datapath/dp_notify.c
@@ -41,18 +41,19 @@ static int dp_device_event(struct notifier_block *unused, unsigned long event,
         case NETDEV_UNREGISTER:
                 if (!ovs_is_internal_dev(dev)) {
                         struct sk_buff *notify;
+                       struct datapath *dp = vport->dp;
  
                         notify = ovs_vport_cmd_build_info(vport, 0, 0,
                                                           OVS_VPORT_CMD_DEL);
                         ovs_dp_detach_port(vport);
                         if (IS_ERR(notify)) {
-                               netlink_set_err(GENL_SOCK(ovs_dp_get_net(vport->dp)), 0,
+                               netlink_set_err(GENL_SOCK(ovs_dp_get_net(dp)), 0,
                                                 ovs_dp_vport_multicast_group.id,
                                                 PTR_ERR(notify));
                                 break;
                         }
  
-                       genlmsg_multicast_netns(ovs_dp_get_net(vport->dp), notify, 0,
+                       genlmsg_multicast_netns(ovs_dp_get_net(dp), notify, 0,
                                                 ovs_dp_vport_multicast_group.id,
                                                 GFP_KERNEL);
                 }
author	Pravin B Shelar <pshelar@nicira.com>
	Thu, 7 Jun 2012 22:18:17 +0000 (15:18 -0700)
committer	Pravin B Shelar <pshelar@nicira.com>
	Thu, 7 Jun 2012 22:18:17 +0000 (15:18 -0700)