git.baikalelectronics.ru Git - kernel.git/commit

author	Herbert Xu <herbert@gondor.apana.org.au>
	Sun, 15 Mar 2015 10:12:04 +0000 (21:12 +1100)
committer	David S. Miller <davem@davemloft.net>
	Mon, 16 Mar 2015 02:22:08 +0000 (22:22 -0400)
commit	1f91ca809713f36012d073e2ae3c2bbbc2302c77
tree	b1735fd0d424222d31fb72f51d860b51e417dac5	tree \| snapshot
parent	556e85908b2d261b6168b01df4bc7dbc9d3675ed	commit \| diff

rhashtable: Fix use-after-free in rhashtable_walk_stop

The commit 0fd051d500cc7ad31ec6ef98b81fb940710171a8 ("rhashtable:
Move future_tbl into struct bucket_table") introduced a use-after-
free bug in rhashtable_walk_stop because it dereferences tbl after
droping the RCU read lock.

This patch fixes it by moving the RCU read unlock down to the bottom
of rhashtable_walk_stop. In fact this was how I had it originally
but it got dropped while rearranging patches because this one
depended on the async freeing of bucket_table.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>