From: Wang Weidong <wangweidong1@huawei.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>, <kuznet@ms2.inr.ac.ru>,
<jmorris@namei.org>, <yoshfuji@linux-ipv6.org>, <kaber@trash.net>,
<netdev@vger.kernel.org>
Subject: Re: [PATCH net-next] ipv4: fix kfree static array pointer in ipv4_sysctl_exit_net
Date: Thu, 8 May 2014 20:48:52 +0800 [thread overview]
Message-ID: <536B7D34.4050104@huawei.com> (raw)
In-Reply-To: <1399552485.7973.2.camel@edumazet-glaptop2.roam.corp.google.com>
On 2014/5/8 20:34, Eric Dumazet wrote:
> On Thu, 2014-05-08 at 15:40 +0800, Wang Weidong wrote:
>> In ipv4_sysctl_init_net, we don't kmemdup a sysctl_table for init_net,
>> so init_net->ipv4.ipv4_hdr->ctl_table_arg points to ipv4_net_table which
>> is a static array pointer. So when do ipv4_sysctl_exit_net, it will
>> free the ipv4_net_table for init_net.
>>
>> So add a check net_namespace init_net before kfree the sysctl_table.
>>
>> Signed-off-by: Wang Weidong <wangweidong1@huawei.com>
>> ---
>> net/ipv4/sysctl_net_ipv4.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
>> index 44eba05..2825577 100644
>> --- a/net/ipv4/sysctl_net_ipv4.c
>> +++ b/net/ipv4/sysctl_net_ipv4.c
>> @@ -891,7 +891,8 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
>>
>> table = net->ipv4.ipv4_hdr->ctl_table_arg;
>> unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
>> - kfree(table);
>> + if (!net_eq(net, &init_net))
>> + kfree(table);
>> }
>>
>> static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
>
> Could you explain how you can trigger this case, calling
> ipv4_sysctl_exit_net() with net == &init_net ?
>
> This would be a bug, your patch would try to hide it maybe ?
>
No.
I just trigger the similar case on sctp when I do 'rmmod -f sctp'.
Here I add the init_net case for sctp register sysctl.
Is it better to add BUG_ON(net == &init_net) maybe?
Regards
Wang
>
>
>
next prev parent reply other threads:[~2014-05-08 12:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-08 7:40 [PATCH net-next] ipv4: fix kfree static array pointer in ipv4_sysctl_exit_net Wang Weidong
2014-05-08 12:34 ` Eric Dumazet
2014-05-08 12:48 ` Wang Weidong [this message]
2014-05-08 18:20 ` Eric Dumazet
2014-05-09 4:16 ` Wang Weidong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=536B7D34.4050104@huawei.com \
--to=wangweidong1@huawei.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).