Re: [PATCH] net: x25: fix one potential use-after-free issue

2017-05-15 Thread David Miller 
From: linzhang 
Date: Mon, 15 May 2017 12:12:49 +0800

> The function x25_init is not properly unregister related resources
> on error handler.It is will result in kernel oops if x25_init init
> failed, so add right unregister call on error handler.
> 
> Signed-off-by: linzhang 

I think we need to go a bit further and make x25_register_sysctl()
properly check for and return failure.

Something like:

diff --git a/include/net/x25.h b/include/net/x25.h
index c383aa4..6d30a01 100644
--- a/include/net/x25.h
+++ b/include/net/x25.h
@@ -298,10 +298,10 @@ void x25_check_rbuf(struct sock *);
 
 /* sysctl_net_x25.c */
 #ifdef CONFIG_SYSCTL
-void x25_register_sysctl(void);
+int x25_register_sysctl(void);
 void x25_unregister_sysctl(void);
 #else
-static inline void x25_register_sysctl(void) {};
+static inline int x25_register_sysctl(void) { return 0; };
 static inline void x25_unregister_sysctl(void) {};
 #endif /* CONFIG_SYSCTL */
 
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 8b911c2..b7d6614 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1808,12 +1808,17 @@ static int __init x25_init(void)
 
pr_info("Linux Version 0.2\n");
 
-   x25_register_sysctl();
+   rc = x25_register_sysctl();
+   if (rc)
+   goto out_dev;
+
rc = x25_proc_init();
if (rc != 0)
-   goto out_dev;
+   goto out_sysctl;
 out:
return rc;
+out_sysctl:
+   x25_unregister_sysctl();
 out_dev:
unregister_netdevice_notifier(_dev_notifier);
 out_sock:
diff --git a/net/x25/sysctl_net_x25.c b/net/x25/sysctl_net_x25.c
index a06dfe1..ba078c8 100644
--- a/net/x25/sysctl_net_x25.c
+++ b/net/x25/sysctl_net_x25.c
@@ -73,9 +73,12 @@ static struct ctl_table x25_table[] = {
{ },
 };
 
-void __init x25_register_sysctl(void)
+int __init x25_register_sysctl(void)
 {
x25_table_header = register_net_sysctl(_net, "net/x25", x25_table);
+   if (!x25_table_header)
+   return -ENOMEM;
+   return 0;
 }
 
 void x25_unregister_sysctl(void)

Re: [PATCH] net: x25: fix one potential use-after-free issue

2017-05-15 Thread David Miller 
From: linzhang 
Date: Mon, 15 May 2017 12:12:49 +0800

> The function x25_init is not properly unregister related resources
> on error handler.It is will result in kernel oops if x25_init init
> failed, so add right unregister call on error handler.
> 
> Signed-off-by: linzhang 

I think we need to go a bit further and make x25_register_sysctl()
properly check for and return failure.

Something like:

diff --git a/include/net/x25.h b/include/net/x25.h
index c383aa4..6d30a01 100644
--- a/include/net/x25.h
+++ b/include/net/x25.h
@@ -298,10 +298,10 @@ void x25_check_rbuf(struct sock *);
 
 /* sysctl_net_x25.c */
 #ifdef CONFIG_SYSCTL
-void x25_register_sysctl(void);
+int x25_register_sysctl(void);
 void x25_unregister_sysctl(void);
 #else
-static inline void x25_register_sysctl(void) {};
+static inline int x25_register_sysctl(void) { return 0; };
 static inline void x25_unregister_sysctl(void) {};
 #endif /* CONFIG_SYSCTL */
 
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 8b911c2..b7d6614 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1808,12 +1808,17 @@ static int __init x25_init(void)
 
pr_info("Linux Version 0.2\n");
 
-   x25_register_sysctl();
+   rc = x25_register_sysctl();
+   if (rc)
+   goto out_dev;
+
rc = x25_proc_init();
if (rc != 0)
-   goto out_dev;
+   goto out_sysctl;
 out:
return rc;
+out_sysctl:
+   x25_unregister_sysctl();
 out_dev:
unregister_netdevice_notifier(_dev_notifier);
 out_sock:
diff --git a/net/x25/sysctl_net_x25.c b/net/x25/sysctl_net_x25.c
index a06dfe1..ba078c8 100644
--- a/net/x25/sysctl_net_x25.c
+++ b/net/x25/sysctl_net_x25.c
@@ -73,9 +73,12 @@ static struct ctl_table x25_table[] = {
{ },
 };
 
-void __init x25_register_sysctl(void)
+int __init x25_register_sysctl(void)
 {
x25_table_header = register_net_sysctl(_net, "net/x25", x25_table);
+   if (!x25_table_header)
+   return -ENOMEM;
+   return 0;
 }
 
 void x25_unregister_sysctl(void)

[PATCH] net: x25: fix one potential use-after-free issue

2017-05-14 Thread linzhang 
The function x25_init is not properly unregister related resources
on error handler.It is will result in kernel oops if x25_init init
failed, so add right unregister call on error handler.

Signed-off-by: linzhang 
---
 net/x25/af_x25.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 8b911c2..e01e09a 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1811,12 +1811,14 @@ static int __init x25_init(void)
x25_register_sysctl();
rc = x25_proc_init();
if (rc != 0)
-   goto out_dev;
+   goto out_sysctl;
 out:
return rc;
-out_dev:
+out_sysctl:
+   x25_unregister_sysctl();
unregister_netdevice_notifier(_dev_notifier);
 out_sock:
+   dev_remove_pack(_packet_type);
sock_unregister(AF_X25);
 out_proto:
proto_unregister(_proto);
-- 
1.8.3.1

[PATCH] net: x25: fix one potential use-after-free issue

2017-05-14 Thread linzhang 
The function x25_init is not properly unregister related resources
on error handler.It is will result in kernel oops if x25_init init
failed, so add right unregister call on error handler.

Signed-off-by: linzhang 
---
 net/x25/af_x25.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 8b911c2..e01e09a 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1811,12 +1811,14 @@ static int __init x25_init(void)
x25_register_sysctl();
rc = x25_proc_init();
if (rc != 0)
-   goto out_dev;
+   goto out_sysctl;
 out:
return rc;
-out_dev:
+out_sysctl:
+   x25_unregister_sysctl();
unregister_netdevice_notifier(_dev_notifier);
 out_sock:
+   dev_remove_pack(_packet_type);
sock_unregister(AF_X25);
 out_proto:
proto_unregister(_proto);
-- 
1.8.3.1