* [Patch net] tipc: check return value of __tipc_dump_start()
@ 2018-09-11 22:12 Cong Wang
2018-09-12 10:04 ` Ying Xue
2018-09-12 20:15 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Cong Wang @ 2018-09-11 22:12 UTC (permalink / raw)
To: netdev; +Cc: tipc-discussion, Cong Wang, Jon Maloy, Ying Xue
When __tipc_dump_start() fails with running out of memory,
we have no reason to continue, especially we should avoid
calling tipc_dump_done().
Fixes: 8f5c5fcf3533 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()")
Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com
Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
---
net/tipc/netlink_compat.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 82f665728382..6376467e78f8 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -185,7 +185,10 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
return -ENOMEM;
buf->sk = msg->dst_sk;
- __tipc_dump_start(&cb, msg->net);
+ if (__tipc_dump_start(&cb, msg->net)) {
+ kfree_skb(buf);
+ return -ENOMEM;
+ }
do {
int rem;
--
2.14.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Patch net] tipc: check return value of __tipc_dump_start()
2018-09-11 22:12 [Patch net] tipc: check return value of __tipc_dump_start() Cong Wang
@ 2018-09-12 10:04 ` Ying Xue
2018-09-12 20:15 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Ying Xue @ 2018-09-12 10:04 UTC (permalink / raw)
To: Cong Wang, netdev; +Cc: tipc-discussion
On 09/12/2018 06:12 AM, Cong Wang wrote:
> When __tipc_dump_start() fails with running out of memory,
> we have no reason to continue, especially we should avoid
> calling tipc_dump_done().
>
> Fixes: 8f5c5fcf3533 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()")
> Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com
> Cc: Jon Maloy <jon.maloy@ericsson.com>
> Cc: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
> ---
> net/tipc/netlink_compat.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
> index 82f665728382..6376467e78f8 100644
> --- a/net/tipc/netlink_compat.c
> +++ b/net/tipc/netlink_compat.c
> @@ -185,7 +185,10 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
> return -ENOMEM;
>
> buf->sk = msg->dst_sk;
> - __tipc_dump_start(&cb, msg->net);
> + if (__tipc_dump_start(&cb, msg->net)) {
> + kfree_skb(buf);
> + return -ENOMEM;
> + }
>
> do {
> int rem;
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Patch net] tipc: check return value of __tipc_dump_start()
2018-09-11 22:12 [Patch net] tipc: check return value of __tipc_dump_start() Cong Wang
2018-09-12 10:04 ` Ying Xue
@ 2018-09-12 20:15 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2018-09-12 20:15 UTC (permalink / raw)
To: xiyou.wangcong; +Cc: netdev, tipc-discussion, jon.maloy, ying.xue
From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Tue, 11 Sep 2018 15:12:17 -0700
> When __tipc_dump_start() fails with running out of memory,
> we have no reason to continue, especially we should avoid
> calling tipc_dump_done().
>
> Fixes: 8f5c5fcf3533 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()")
> Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com
> Cc: Jon Maloy <jon.maloy@ericsson.com>
> Cc: Ying Xue <ying.xue@windriver.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Applied, thanks Cong.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-09-13 1:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-11 22:12 [Patch net] tipc: check return value of __tipc_dump_start() Cong Wang
2018-09-12 10:04 ` Ying Xue
2018-09-12 20:15 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).