[PATCH net] netlink: avoid a double skb free in genlmsg

Netdev List
 help / color / mirror / Atom feed

* [PATCH net] netlink: avoid a double skb free in genlmsg_mcast()
       [not found] <1520899459.23626.87.camel@codethink.co.uk>
@ 2018-03-14 20:10 ` Nicolas Dichtel
  2018-03-16 16:36   ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Nicolas Dichtel @ 2018-03-14 20:10 UTC (permalink / raw)
  To: ben.hutchings
  Cc: davem, netdev, stable, johannes.berg, gregkh, linux-kernel,
	Nicolas Dichtel

nlmsg_multicast() consumes always the skb, thus the original skb must be
freed only when this function is called with a clone.

Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()")
Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 net/netlink/genetlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 6f02499ef007..b9ce82c9440f 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1106,7 +1106,7 @@ static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
 	if (!err)
 		delivered = true;
 	else if (err != -ESRCH)
-		goto error;
+		return err;
 	return delivered ? 0 : -ESRCH;
  error:
 	kfree_skb(skb);
-- 
2.15.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH net] netlink: avoid a double skb free in genlmsg_mcast()
  2018-03-14 20:10 ` [PATCH net] netlink: avoid a double skb free in genlmsg_mcast() Nicolas Dichtel
@ 2018-03-16 16:36   ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2018-03-16 16:36 UTC (permalink / raw)
  To: nicolas.dichtel
  Cc: ben.hutchings, netdev, stable, johannes.berg, gregkh,
	linux-kernel

From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed, 14 Mar 2018 21:10:23 +0100

> nlmsg_multicast() consumes always the skb, thus the original skb must be
> freed only when this function is called with a clone.
> 
> Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()")
> Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Yeah these "clone until final send" loops can be tricky to manage.

Good catch, applied and queued up for -stable, thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-03-16 16:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <1520899459.23626.87.camel@codethink.co.uk>
2018-03-14 20:10 ` [PATCH net] netlink: avoid a double skb free in genlmsg_mcast() Nicolas Dichtel
2018-03-16 16:36   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox