A couple of bugs in skb list handling were spotted by Dan Carpenter, with the help of Smatch; following up on them I found a couple more similar cases. This series fixes them by changing the relevant loops to use the dequeue-enqueue model (rather than in-place list modification), and then adds a list.h helper macro to refactor code using the dequeue-enqueue model.

Edward Cree (3):
  net: core: fix uses-after-free in list processing
  netfilter: fix use-after-free in NF_HOOK_LIST
  net: refactor dequeue-model list processing

 include/linux/list.h      | 15 +++++++++++++++
 include/linux/netfilter.h | 16 +++++++++-------
 net/core/dev.c            | 23 +++++++++++++----------
 net/ipv4/ip_input.c       | 10 ++++------
 net/ipv6/ip6_input.c      | 10 ++++------
 5 files changed, 45 insertions(+), 29 deletions(-)
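
The dequeue-enqueue model named in the cover letter, as an added userspace sketch that is not code from this series or from the kernel: `struct pkt`, `enqueue`, `dequeue`, `handler`, `process` and `demo` are hypothetical names, and the list is a minimal model of list.h rather than the helper macro the series adds.

```c
#include <stdlib.h>
#include <stddef.h>

/* Minimal circular doubly linked list, modelled on the kernel's list.h. */
struct node { struct node *prev, *next; };
struct pkt { struct node list; int id; };  /* userspace stand-in for an skb */

static void list_init(struct node *h) { h->prev = h->next = h; }
static void enqueue(struct node *n, struct node *h) {  /* add at tail */
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
/* Unlink the first entry and return it, or NULL when the list is empty. */
static struct pkt *dequeue(struct node *h) {
    struct node *n = h->next;
    if (n == h) return NULL;
    h->next = n->next; n->next->prev = h;
    n->prev = n->next = NULL;
    return (struct pkt *)((char *)n - offsetof(struct pkt, list));
}

/* Hypothetical handler: consumes (frees) odd ids, passes even ids on. */
static int handler(struct pkt *p) {
    if (p->id % 2) { free(p); return 0; }
    return 1;
}

/* Dequeue-enqueue loop: each packet is off the input list before the
 * handler runs, so the loop never reads a packet's list pointers after
 * the handler may have freed it. Survivors are queued on `out`. */
static int process(struct node *in, struct node *out) {
    struct pkt *p;
    int kept = 0;
    while ((p = dequeue(in)) != NULL)
        if (handler(p)) { enqueue(&p->list, out); kept++; }
    return kept;
}

/* Constructed input: ids 1..n. Returns the sum of surviving ids, or -1. */
static int demo(int n) {
    struct node in, out; struct pkt *p; int sum = 0;
    list_init(&in); list_init(&out);
    for (int i = 1; i <= n; i++) {
        if (!(p = malloc(sizeof(*p)))) return -1;
        p->id = i; enqueue(&p->list, &in);
    }
    process(&in, &out);
    if (in.next != &in) return -1;  /* input list must be fully drained */
    while ((p = dequeue(&out)) != NULL) { sum += p->id; free(p); }
    return sum;
}
int main(void) { return demo(6) == 12 ? 0 : 1; }
```

Building this with `-fsanitize=address` confirms that no freed packet is touched after `handler` returns.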
