diff options
author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2008-01-28 23:52:12 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:08 -0500 |
commit | 8cf8e5a67fb07f583aac94482ba51a7930dab493 (patch) | |
tree | 0fa0b3c39ff3c1f3aca7b1013a1932f18ca2021d | |
parent | 406a1d868001423c85a3165288e566e65f424fe6 (diff) |
[INET_DIAG]: Fix inet_diag_lock_handler error path.
Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825
The inet_diag_lock_handler function uses ERR_PTR to encode errors but
its callers were testing against NULL.
This only happens when the only inet_diag modular user, DCCP, is not
built into the kernel or available as a module.
Also there was a problem with not dropping the mutex lock when a handler
was not found, also fixed in this patch.
This caused an OOPS and ss would then hang on subsequent calls, as
&inet_diag_table_mutex was being left locked.
Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d'
on a kernel that doesn't have DCCP available.
This bug was introduced in cset
d523a328fb0271e1a763e985a21f2488fd816e7e ("Fix inet_diag dead-lock
regression"), after 2.6.24-rc3, so just 2.6.24 seems to be affected.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/inet_diag.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index 605ed2cd7972..4cfb15c461f1 100644 --- a/net/ipv4/inet_diag.c +++ b/net/ipv4/inet_diag.c | |||
@@ -259,8 +259,10 @@ static int inet_diag_get_exact(struct sk_buff *in_skb, | |||
259 | const struct inet_diag_handler *handler; | 259 | const struct inet_diag_handler *handler; |
260 | 260 | ||
261 | handler = inet_diag_lock_handler(nlh->nlmsg_type); | 261 | handler = inet_diag_lock_handler(nlh->nlmsg_type); |
262 | if (!handler) | 262 | if (IS_ERR(handler)) { |
263 | return -ENOENT; | 263 | err = PTR_ERR(handler); |
264 | goto unlock; | ||
265 | } | ||
264 | 266 | ||
265 | hashinfo = handler->idiag_hashinfo; | 267 | hashinfo = handler->idiag_hashinfo; |
266 | err = -EINVAL; | 268 | err = -EINVAL; |
@@ -708,8 +710,8 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) | |||
708 | struct inet_hashinfo *hashinfo; | 710 | struct inet_hashinfo *hashinfo; |
709 | 711 | ||
710 | handler = inet_diag_lock_handler(cb->nlh->nlmsg_type); | 712 | handler = inet_diag_lock_handler(cb->nlh->nlmsg_type); |
711 | if (!handler) | 713 | if (IS_ERR(handler)) |
712 | goto no_handler; | 714 | goto unlock; |
713 | 715 | ||
714 | hashinfo = handler->idiag_hashinfo; | 716 | hashinfo = handler->idiag_hashinfo; |
715 | 717 | ||
@@ -838,7 +840,6 @@ done: | |||
838 | cb->args[2] = num; | 840 | cb->args[2] = num; |
839 | unlock: | 841 | unlock: |
840 | inet_diag_unlock_handler(handler); | 842 | inet_diag_unlock_handler(handler); |
841 | no_handler: | ||
842 | return skb->len; | 843 | return skb->len; |
843 | } | 844 | } |
844 | 845 | ||