From: Daniel Lezcano <dlezcano@fr.ibm.com>
To: Pavel Emelyanov <xemul@openvz.org>
Cc: David Miller <davem@davemloft.net>,
Linux Netdev List <netdev@vger.kernel.org>,
devel@openvz.org
Subject: Re: [PATCH net-2.6.26][IPV6]: Fix potential net leak and oops in ipv6 routing code.
Date: Wed, 26 Mar 2008 16:59:29 +0100 [thread overview]
Message-ID: <47EA72E1.804@fr.ibm.com> (raw)
In-Reply-To: <47EA7203.6070704@openvz.org>
Pavel Emelyanov wrote:
> The commits f3db4851 ([NETNS][IPV6] ip6_fib - fib6_clean_all handle several
> network namespaces) and 69ddb805 ([NETNS][IPV6] route6 - Make proc entry
> /proc/net/rt6_stats per namespace) made some proc files per net.
>
> Both of them introduced potential OOPS - get_proc_net can return NULL, but
> this check is lost - and a struct net leak - in case single_open() fails the
> previously got net is not put.
>
> Kill all these bugs with one patch.
>
> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
>
> ---
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index ac44283..cd82b6d 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2390,10 +2390,18 @@ static int ipv6_route_show(struct seq_file *m, void *v)
>
> static int ipv6_route_open(struct inode *inode, struct file *file)
> {
> + int err;
> struct net *net = get_proc_net(inode);
> if (!net)
> return -ENXIO;
> - return single_open(file, ipv6_route_show, net);
> +
> + err = single_open(file, ipv6_route_show, net);
> + if (err < 0) {
> + put_net(net);
> + return err;
> + }
> +
> + return 0;
> }
>
> static int ipv6_route_release(struct inode *inode, struct file *file)
> @@ -2429,8 +2437,18 @@ static int rt6_stats_seq_show(struct seq_file *seq, void *v)
>
> static int rt6_stats_seq_open(struct inode *inode, struct file *file)
> {
> + int err;
> struct net *net = get_proc_net(inode);
> - return single_open(file, rt6_stats_seq_show, net);
> + if (!net)
> + return -ENXIO;
> +
> + err = single_open(file, rt6_stats_seq_show, net);
> + if (err < 0) {
> + put_net(net);
> + return err;
> + }
> +
> + return 0;
> }
>
> static int rt6_stats_seq_release(struct inode *inode, struct file *file)
Good catch. Thanks.
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
next prev parent reply other threads:[~2008-03-26 16:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-26 15:55 [PATCH net-2.6.26][IPV6]: Fix potential net leak and oops in ipv6 routing code Pavel Emelyanov
2008-03-26 15:59 ` Daniel Lezcano [this message]
2008-03-26 23:50 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47EA72E1.804@fr.ibm.com \
--to=dlezcano@fr.ibm.com \
--cc=davem@davemloft.net \
--cc=devel@openvz.org \
--cc=netdev@vger.kernel.org \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).