From: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Date: Tue, 21 Feb 2017 14:27:40 +0300

> DCCP doesn't purge timewait sockets on network namespace shutdown.
> So, after net namespace destroyed we could still have an active timer
> which will trigger use after free in tw_timer_handler():
...
> Add .exit_batch hook to dccp_v4_ops()/dccp_v6_ops() which will purge
> timewait sockets on net namespace destruction and prevent above issue.
>
> Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>

Applied and queued up for -stable, thanks.
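A userland model of the lifetime problem described in the quoted commit message, added here as an illustration; it is not the patch and not kernel code. All names (`net_model`, `tw_model`, `tw_purge`, `stale_after_teardown`) are hypothetical, and the single shared list is a simplifying assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Userland model only; every name below is hypothetical, not kernel API. */
struct net_model { bool alive; };      /* stands in for a network namespace */
struct tw_model {                      /* stands in for a timewait socket */
    struct net_model *net;             /* what the timer handler would dereference */
    struct tw_model *next;             /* every listed entry has an armed timer */
};
static struct tw_model *tw_list;       /* one table shared by all namespaces (model assumption) */
static void tw_add(struct net_model *net)
{
    struct tw_model *tw = malloc(sizeof(*tw));
    if (!tw) abort();
    tw->net = net;
    tw->next = tw_list;
    tw_list = tw;
}

/* Purge step: cancel and free every entry belonging to `net` (NULL means all). */
static int tw_purge(const struct net_model *net)
{
    int purged = 0;
    for (struct tw_model **pp = &tw_list; *pp; ) {
        struct tw_model *tw = *pp;
        if (net && tw->net != net) { pp = &tw->next; continue; }
        *pp = tw->next;
        free(tw);
        purged++;
    }
    return purged;
}

/* Destroy namespace A (3 entries) while B (2) stays up; count timers left pointing at A. */
static int stale_after_teardown(bool purge_on_exit)
{
    struct net_model a = { true }, b = { true };
    int stale = 0;
    for (int i = 0; i < 5; i++) tw_add(i < 3 ? &a : &b);
    if (purge_on_exit) tw_purge(&a);   /* the step an exit hook contributes */
    a.alive = false;                   /* the kernel would free the namespace here */
    for (struct tw_model *tw = tw_list; tw; tw = tw->next) stale += !tw->net->alive;
    tw_purge(NULL);                    /* model cleanup */
    return stale;
}
int main(void)
{
    printf("no purge: %d stale, purge: %d stale\n", stale_after_teardown(false), stale_after_teardown(true));
}
```

Each stale entry in the model corresponds to a pending timer whose handler would touch memory belonging to a namespace that no longer exists; purging at teardown leaves the other namespace's entries untouched.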