From: Wang Weidong <wangweidong1@huawei.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>, <kuznet@ms2.inr.ac.ru>,
<jmorris@namei.org>, <yoshfuji@linux-ipv6.org>, <kaber@trash.net>,
<netdev@vger.kernel.org>
Subject: Re: [PATCH net-next] ipv4: fix kfree static array pointer in ipv4_sysctl_exit_net
Date: Thu, 8 May 2014 20:48:52 +0800 [thread overview]
Message-ID: <536B7D34.4050104@huawei.com> (raw)
In-Reply-To: <1399552485.7973.2.camel@edumazet-glaptop2.roam.corp.google.com>
On 2014/5/8 20:34, Eric Dumazet wrote:
> On Thu, 2014-05-08 at 15:40 +0800, Wang Weidong wrote:
>> In ipv4_sysctl_init_net, we don't kmemdup a sysctl_table for init_net,
>> so init_net->ipv4.ipv4_hdr->ctl_table_arg points to ipv4_net_table which
>> is a static array pointer. So when do ipv4_sysctl_exit_net, it will
>> free the ipv4_net_table for init_net.
>>
>> So add a check net_namespace init_net before kfree the sysctl_table.
>>
>> Signed-off-by: Wang Weidong <wangweidong1@huawei.com>
>> ---
>> net/ipv4/sysctl_net_ipv4.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
>> index 44eba05..2825577 100644
>> --- a/net/ipv4/sysctl_net_ipv4.c
>> +++ b/net/ipv4/sysctl_net_ipv4.c
>> @@ -891,7 +891,8 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
>>
>> table = net->ipv4.ipv4_hdr->ctl_table_arg;
>> unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
>> - kfree(table);
>> + if (!net_eq(net, &init_net))
>> + kfree(table);
>> }
>>
>> static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
>
> Could you explain how you can trigger this case, calling
> ipv4_sysctl_exit_net() with net == &init_net ?
>
> This would be a bug, your patch would try to hide it maybe ?
>
No.
I just trigger the similar case on sctp when I do 'rmmod -f sctp'.
Here I add the init_net case for sctp register sysctl.
Is it better to add BUG_ON(net == &init_net) maybe?
Regards
Wang
>
>
>
next prev parent reply other threads:[~2014-05-08 12:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-08 7:40 [PATCH net-next] ipv4: fix kfree static array pointer in ipv4_sysctl_exit_net Wang Weidong
2014-05-08 12:34 ` Eric Dumazet
2014-05-08 12:48 ` Wang Weidong [this message]
2014-05-08 18:20 ` Eric Dumazet
2014-05-09 4:16 ` Wang Weidong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=536B7D34.4050104@huawei.com \
--to=wangweidong1@huawei.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.