[PATCH][INET_DIAG]: Fix inet_diag_lock

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH][INET_DIAG]: Fix inet_diag_lock_handler error path
@ 2008-01-28  2:20 Arnaldo Carvalho de Melo
  2008-01-28 11:03 ` Herbert Xu
  0 siblings, 1 reply; 3+ messages in thread
From: Arnaldo Carvalho de Melo @ 2008-01-28  2:20 UTC (permalink / raw)
  To: David S. Miller; +Cc: Herbert Xu, spike, netdev, stable

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825

The inet_diag_lock_handler function uses ERR_PTR to encode errors but
its callers were testing against NULL.

This only happens when the only inet_diag modular user, DCCP, is not
built into the kernel or available as a module.

Also there was a problem with not dropping the mutex lock when a handler
was not found, also fixed in this patch.

This caused an OOPS and ss would then hang on subsequent calls, as
&inet_diag_table_mutex was being left locked.

Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d'
on a kernel that doesn't have DCCP available.

This bug was introduced in cset
d523a328fb0271e1a763e985a21f2488fd816e7e, after 2.6.24-rc3, so just
2.6.24 seems to be affected.

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index e468e7a..6d2979c 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -259,8 +259,10 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
 	const struct inet_diag_handler *handler;

 	handler = inet_diag_lock_handler(nlh->nlmsg_type);
-	if (!handler)
-		return -ENOENT;
+	if (IS_ERR(handler)) {
+		err = PTR_ERR(handler);
+		goto unlock;
+	}

 	hashinfo = handler->idiag_hashinfo;
 	err = -EINVAL;
@@ -708,8 +710,8 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
 	struct inet_hashinfo *hashinfo;

 	handler = inet_diag_lock_handler(cb->nlh->nlmsg_type);
-	if (!handler)
-		goto no_handler;
+	if (IS_ERR(handler))
+		goto unlock;

 	hashinfo = handler->idiag_hashinfo;

@@ -838,7 +840,6 @@ done:
 	cb->args[2] = num;
 unlock:
 	inet_diag_unlock_handler(handler);
-no_handler:
 	return skb->len;
 }

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH][INET_DIAG]: Fix inet_diag_lock_handler error path
  2008-01-28  2:20 [PATCH][INET_DIAG]: Fix inet_diag_lock_handler error path Arnaldo Carvalho de Melo
@ 2008-01-28 11:03 ` Herbert Xu
  2008-01-29  4:52   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Herbert Xu @ 2008-01-28 11:03 UTC (permalink / raw)
  To: Arnaldo Carvalho de Melo, David S. Miller, spike, netdev, stable

On Mon, Jan 28, 2008 at 12:20:50AM -0200, Arnaldo Carvalho de Melo wrote:
> Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825
> 
> The inet_diag_lock_handler function uses ERR_PTR to encode errors but
> its callers were testing against NULL.

Thanks for catching this Arnaldo!
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH][INET_DIAG]: Fix inet_diag_lock_handler error path
  2008-01-28 11:03 ` Herbert Xu
@ 2008-01-29  4:52   ` David Miller
  0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2008-01-29  4:52 UTC (permalink / raw)
  To: herbert; +Cc: acme, spike, netdev, stable

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 28 Jan 2008 22:03:10 +1100

> On Mon, Jan 28, 2008 at 12:20:50AM -0200, Arnaldo Carvalho de Melo wrote:
> > Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825
> > 
> > The inet_diag_lock_handler function uses ERR_PTR to encode errors but
> > its callers were testing against NULL.
> 
> Thanks for catching this Arnaldo!

Applied and queued up for 2.6.24-stable, thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2008-01-29  4:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-28  2:20 [PATCH][INET_DIAG]: Fix inet_diag_lock_handler error path Arnaldo Carvalho de Melo
2008-01-28 11:03 ` Herbert Xu
2008-01-29  4:52   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).