From: Tom Herbert <t...@herbertland.com>
Date: Tue, 1 Nov 2016 14:55:25 -0700
> commit ca26893f05e86 ("rhashtable: Add rhlist interface")
> added a field to rhashtable_iter so that length became 56 bytes
> and would exceed the size of args in netlink_callback (which is
> 48 bytes). The netlink diag dump function already has been
> allocating a iter structure and storing the pointed to that
> in the args of netlink_callback. ila_xlat also uses
> rhahstable_iter but is still putting that directly in
> the arg block. Now since rhashtable_iter size is increased
> we are overwriting beyond the structure. The next field
> happens to be cb_mutex pointer in netlink_sock and hence the crash.
>
> Fix is to alloc the rhashtable_iter and save it as pointer
> in arg.
>
> Tested:
>
> modprobe ila
> ./ip ila add loc 3333:0:0:0 loc_match 2222:0:0:1,
> ./ip ila list # NO crash now
>
> Signed-off-by: Tom Herbert <t...@herbertland.com>
Applied.
