[3.11.y.z extended stable] Patch "Revert "ip6tnl: fix use after free of fb_tnl_dev"" has been added to staging queue

[Luis Henriques]

This is a note to let you know that I have just added a patch titled

    Revert "ip6tnl: fix use after free of fb_tnl_dev"

to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.11.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From b3822f59c4e33c79de31fe18237026e386c93128 Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
Date: Fri, 31 Jan 2014 09:24:05 +0100
Subject: Revert "ip6tnl: fix use after free of fb_tnl_dev"

[ No relevant upstream commit. ]

This reverts commit 22c3ec552c29cf4bd4a75566088950fe57d860c4.

This patch is not the right fix, it introduces a memory leak when a netns is
destroyed (the FB device is never deleted).

Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
Reported-by: Steven Rostedt <srostedt at redhat.com>
Tested-by: Steven Rostedt <srostedt at redhat.com> (and our entire MRG team)
Tested-by: "Luis Claudio R. Goncalves" <lgoncalv at redhat.com>
Tested-by: John Kacur <jkacur at redhat.com>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 net/ipv6/ip6_tunnel.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 85416a0..cf5d490 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1717,6 +1717,8 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct ip6_tnl_net *ip6n)
 		}
 	}

+	t = rtnl_dereference(ip6n->tnls_wc[0]);
+	unregister_netdevice_queue(t->dev, &list);
 	unregister_netdevice_many(&list);
 }

--
1.8.3.2