aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArnaldo Carvalho de Melo <acme@redhat.com>2008-01-28 23:52:12 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-31 22:27:08 -0500
commit8cf8e5a67fb07f583aac94482ba51a7930dab493 (patch)
tree0fa0b3c39ff3c1f3aca7b1013a1932f18ca2021d
parent406a1d868001423c85a3165288e566e65f424fe6 (diff)
[INET_DIAG]: Fix inet_diag_lock_handler error path.
Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825 The inet_diag_lock_handler function uses ERR_PTR to encode errors but its callers were testing against NULL. This only happens when the only inet_diag modular user, DCCP, is not built into the kernel or available as a module. Also there was a problem with not dropping the mutex lock when a handler was not found, also fixed in this patch. This caused an OOPS and ss would then hang on subsequent calls, as &inet_diag_table_mutex was being left locked. Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d' on a kernel that doesn't have DCCP available. This bug was introduced in cset d523a328fb0271e1a763e985a21f2488fd816e7e ("Fix inet_diag dead-lock regression"), after 2.6.24-rc3, so just 2.6.24 seems to be affected. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/inet_diag.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 605ed2cd7972..4cfb15c461f1 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -259,8 +259,10 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
259 const struct inet_diag_handler *handler; 259 const struct inet_diag_handler *handler;
260 260
261 handler = inet_diag_lock_handler(nlh->nlmsg_type); 261 handler = inet_diag_lock_handler(nlh->nlmsg_type);
262 if (!handler) 262 if (IS_ERR(handler)) {
263 return -ENOENT; 263 err = PTR_ERR(handler);
264 goto unlock;
265 }
264 266
265 hashinfo = handler->idiag_hashinfo; 267 hashinfo = handler->idiag_hashinfo;
266 err = -EINVAL; 268 err = -EINVAL;
@@ -708,8 +710,8 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
708 struct inet_hashinfo *hashinfo; 710 struct inet_hashinfo *hashinfo;
709 711
710 handler = inet_diag_lock_handler(cb->nlh->nlmsg_type); 712 handler = inet_diag_lock_handler(cb->nlh->nlmsg_type);
711 if (!handler) 713 if (IS_ERR(handler))
712 goto no_handler; 714 goto unlock;
713 715
714 hashinfo = handler->idiag_hashinfo; 716 hashinfo = handler->idiag_hashinfo;
715 717
@@ -838,7 +840,6 @@ done:
838 cb->args[2] = num; 840 cb->args[2] = num;
839unlock: 841unlock:
840 inet_diag_unlock_handler(handler); 842 inet_diag_unlock_handler(handler);
841no_handler:
842 return skb->len; 843 return skb->len;
843} 844}
844 845