Commit 8cf8e5a6 authored by Arnaldo Carvalho de Melo's avatar Arnaldo Carvalho de Melo Committed by David S. Miller

[INET_DIAG]: Fix inet_diag_lock_handler error path.

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825

The inet_diag_lock_handler function uses ERR_PTR to encode errors but
its callers were testing against NULL.

This only happens when the only inet_diag modular user, DCCP, is not
built into the kernel or available as a module.

Also there was a problem with not dropping the mutex lock when a handler
was not found, also fixed in this patch.

This caused an OOPS and ss would then hang on subsequent calls, as
&inet_diag_table_mutex was being left locked.

Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d'
on a kernel that doesn't have DCCP available.

This bug was introduced in cset
d523a328 ("Fix inet_diag dead-lock
regression"), after 2.6.24-rc3, so just 2.6.24 seems to be affected.
Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 406a1d86
...@@ -259,8 +259,10 @@ static int inet_diag_get_exact(struct sk_buff *in_skb, ...@@ -259,8 +259,10 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
const struct inet_diag_handler *handler; const struct inet_diag_handler *handler;
handler = inet_diag_lock_handler(nlh->nlmsg_type); handler = inet_diag_lock_handler(nlh->nlmsg_type);
if (!handler) if (IS_ERR(handler)) {
return -ENOENT; err = PTR_ERR(handler);
goto unlock;
}
hashinfo = handler->idiag_hashinfo; hashinfo = handler->idiag_hashinfo;
err = -EINVAL; err = -EINVAL;
...@@ -708,8 +710,8 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -708,8 +710,8 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
struct inet_hashinfo *hashinfo; struct inet_hashinfo *hashinfo;
handler = inet_diag_lock_handler(cb->nlh->nlmsg_type); handler = inet_diag_lock_handler(cb->nlh->nlmsg_type);
if (!handler) if (IS_ERR(handler))
goto no_handler; goto unlock;
hashinfo = handler->idiag_hashinfo; hashinfo = handler->idiag_hashinfo;
...@@ -838,7 +840,6 @@ done: ...@@ -838,7 +840,6 @@ done:
cb->args[2] = num; cb->args[2] = num;
unlock: unlock:
inet_diag_unlock_handler(handler); inet_diag_unlock_handler(handler);
no_handler:
return skb->len; return skb->len;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment