From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alexey Kodanev <alexey.kodanev@oracle.com>
Subject: Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before
 'cb->args' reset
Date: Thu, 1 Nov 2018 16:42:35 +0300
Message-ID: <11ce99ef-b587-4402-30df-0ae9c8a37dd0@oracle.com>
References: <1540968178-18894-1-git-send-email-alexey.kodanev@oracle.com>
 <104f12e4-866b-b986-cb9d-28c40d5c5e84@gmail.com>
 <50d88abb-bfba-6c70-af68-7bac60a0d4b1@gmail.com>
 <dbd48fde-3a7f-2800-4317-4eab2ecfd41d@oracle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: David Miller <davem@davemloft.net>
To: David Ahern <dsahern@gmail.com>, netdev@vger.kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from userp2130.oracle.com ([156.151.31.86]:51506 "EHLO
        userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728479AbeKAWf0 (ORCPT
        <rfc822;netdev@vger.kernel.org>); Thu, 1 Nov 2018 18:35:26 -0400
In-Reply-To: <dbd48fde-3a7f-2800-4317-4eab2ecfd41d@oracle.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On 11/01/2018 04:11 PM, Alexey Kodanev wrote:
> On 10/31/2018 08:35 PM, David Ahern wrote:
>> On 10/31/18 10:55 AM, David Ahern wrote:
>>> I think the simplest fix for 4.20 is to break the loop if ret is non-0 -
>>> restore the previous behavior. 
>>
>> that is the only recourse. It has to bail if ret is non-0. Do you want
>> to send a patch with that fix?
>>
> 
> I see, and inet6_dump_fib() cleanups fib6_walker if ret is zero. Will send the fix.

Can it happen that inet6_dump_fib() returns skb->len (0) in the below cases?

* 	if (arg.filter.flags & RTM_F_CLONED)
		return skb->len;

        ...

	w = (void *)cb->args[2];
	if (!w) {
		...
		w = kzalloc(...)
                ...

* 	if (arg.filter.table_id) {
                ...
		if (!tb) {
			if (arg.filter.dump_all_families)
				return skb->len;


Would it be safer to add "res = skb->len; goto out;" instead of "return skb->len;"
so that it can call fib6_dump_end() for "res <= 0"? Or use cb->data instead of
cb->args?