From: Andrey Ryabinin <aryabi...@virtuozzo.com>
Date: Wed, 22 Feb 2017 12:35:27 +0300
> DCCP doesn't purge timewait sockets on network namespace shutdown.
> So, after net namespace destroyed we could still have an active timer
> which will trigger use after free in tw_timer_handler():
...
> Add .exit_batch hook to dccp_v4_ops()/dccp_v6_ops() which will purge
> timewait sockets on net namespace destruction and prevent above issue.
>
> Fixes: f2bf415cfed7 ("mib: add net to NET_ADD_STATS_BH")
> Reported-by: Dmitry Vyukov <dvyu...@google.com>
> Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com>
> Acked-by: Arnaldo Carvalho de Melo <a...@redhat.com>
Applied and queued up for -sable, thanks.
