On Fri, Mar 22, 2019 at 5:37 AM John Hurley <[email protected]> wrote: > > A new mirred action is created by the tcf_mirred_init function. This > contains a list head struct which is inserted into a global list on > successful creation of a new action. However, after a creation, it is > still possible to error out and call the tcf_idr_release function. This, > in turn, calls the act_mirr cleanup function via __tcf_idr_release and > __tcf_action_put. This cleanup function tries to delete the list entry > which is as yet uninitialised, leading to a NULL pointer exception. > > Fix this by initialising the list entry on creation of a new action. ... > > Fixes: 4e232818bd32 ("net: sched: act_mirred: remove dependency on rtnl lock") > Signed-off-by: John Hurley <[email protected]> > Reviewed-by: Jakub Kicinski <[email protected]>
Acked-by: Cong Wang <[email protected]> Thanks for the update!
