From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: [Patch net v3] tipc: call start and done ops directly in __tipc_nl_compat_dumpit()
Date: Thu, 06 Sep 2018 21:50:09 -0700 (PDT)
Message-ID: <20180906.215009.1468437505301800830.davem@davemloft.net>
References: <20180904215455.3985-1-xiyou.wangcong@gmail.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, jon.maloy@ericsson.com, ying.xue@windriver.com
To: xiyou.wangcong@gmail.com
Return-path:
Received: from shards.monkeyblade.net ([23.128.96.9]:42580 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1726187AbeIGJ3R (ORCPT );
	Fri, 7 Sep 2018 05:29:17 -0400
In-Reply-To: <20180904215455.3985-1-xiyou.wangcong@gmail.com>
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Cong Wang
Date: Tue, 4 Sep 2018 14:54:55 -0700

> __tipc_nl_compat_dumpit() uses a netlink_callback on stack,
> so the only way to align it with other ->dumpit() call path
> is calling tipc_dump_start() and tipc_dump_done() directly
> inside it. Otherwise ->dumpit() would always get NULL from
> cb->args[].
>
> But tipc_dump_start() uses sock_net(cb->skb->sk) to retrieve
> net pointer, the cb->skb here doesn't set skb->sk, the net pointer
> is saved in msg->net instead, so introduce a helper function
> __tipc_dump_start() to pass in msg->net.
>
> Ying pointed out cb->args[0...3] are already used by other
> callbacks on this call path, so we can't use cb->args[0] any
> more, use cb->args[4] instead.
>
> Fixes: 9a07efa9aea2 ("tipc: switch to rhashtable iterator")
> Reported-and-tested-by: syzbot+e93a2c41f91b8e2c7d9b@syzkaller.appspotmail.com
> Cc: Jon Maloy
> Cc: Ying Xue
> Signed-off-by: Cong Wang

Applied, thanks Cong.