Re: [PATCH v2] netlink: do not proceed if dump's start() errs

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Johannes Berg <johannes@sipsolutions.net>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	davem@davemloft.net, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] netlink: do not proceed if dump's start() errs
Date: Sat, 30 Sep 2017 08:56:10 +0200	[thread overview]
Message-ID: <1506754570.3568.3.camel@sipsolutions.net> (raw)
In-Reply-To: <20170927224144.1749-1-Jason@zx2c4.com>

On Thu, 2017-09-28 at 00:41 +0200, Jason A. Donenfeld wrote:
> Drivers that use the start method for netlink dumping rely on dumpit
> not
> being called if start fails. For example, ila_xlat.c allocates memory
> and assigns it to cb->args[0] in its start() function. It might fail
> to
> do that and return -ENOMEM instead. However, even when returning an
> error, dumpit will be called, which, in the example above, quickly
> dereferences the memory in cb->args[0], which will OOPS the kernel.
> This
> is but one example of how this goes wrong.
> 
> Since start() has always been a function with an int return type, it
> therefore makes sense to use it properly, rather than ignoring it.
> This
> patch thus returns early and does not call dumpit() when start()
> fails.
> 
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Reviewed-by: Johannes Berg <johannes@sipsolutions.net>


FWIW, I found another (indirect, via genetlink, like ila_xlat.c) in-
tree user that cares and expects the correct failure behaviour:

net/ipv6/seg6.c
	.start  = seg6_genl_dumphmac_start,

which can also have memory allocation failures. No others appear to
exist, afaict.

Either way, perhaps it's worth sending this to stable for that reason.

johannes

next prev parent reply	other threads:[~2017-09-30  6:56 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-27 12:39 [PATCH] netlink: do not proceed if dump's start() errs Jason A. Donenfeld
2017-09-27 12:50 ` Jason A. Donenfeld
2017-09-27 13:05   ` Johannes Berg
2017-09-27 13:06     ` Jason A. Donenfeld
2017-09-27 22:41       ` [PATCH v2] " Jason A. Donenfeld
2017-09-28 10:40         ` Jason A. Donenfeld
2017-09-30  6:27         ` David Miller
2017-09-30  6:56         ` Johannes Berg [this message]
2017-09-30 15:14           ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1506754570.3568.3.camel@sipsolutions.net \
    --to=johannes@sipsolutions.net \
    --cc=Jason@zx2c4.com \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).