From fdfdd38cceebcd62df60785e8523e068b84f7076 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sat, 6 Apr 2019 12:21:46 +0200
Subject: allowedips: initialize list head when removing intermediate nodes

Otherwise if this list item is later reused, we'll crash on list poison or worse. Also, add a version of Mimka's reproducer to netns.sh to catch these types of bugs in the future.

Reported-by: Mimka
---
 src/allowedips.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/allowedips.c')

diff --git a/src/allowedips.c b/src/allowedips.c
index f175944..610aab0 100644
--- a/src/allowedips.c
+++ b/src/allowedips.c
@@ -108,7 +108,7 @@ static void walk_remove_by_peer(struct allowedips_node __rcu **top,
 if (rcu_dereference_protected(node->peer,
 lockdep_is_held(lock)) == peer) {
 RCU_INIT_POINTER(node->peer, NULL);
- list_del(&node->peer_list);
+ list_del_init(&node->peer_list);
 if (!node->bit[0] || !node->bit[1]) {
 rcu_assign_pointer(*nptr, DEREF(
 &node->bit[!REF(node->bit[0])]));
-- 
cgit v1.2.3-59-g8ed1b
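Review bot: The new `list_del_init(&node->peer_list)` call carries no comment saying why plain `list_del()` was wrong here, and the two look interchangeable to anyone tidying this loop later. Going by the commit message and the `if (!node->bit[0] || !node->bit[1])` test just below it, a node with both children appears to stay in the trie with `peer` set to NULL and can be reused later, at which point its `peer_list` must not still hold list-poison pointers. I would add above the call: `/* Node may stay in the trie without a peer and be reused; keep peer_list self-linked. */`. The reuse path and the rest of walk_remove_by_peer are outside this hunk, so it is worth confirming that no other removal path leaves a still-reachable node behind after a plain `list_del()`.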