[patch 19/38] INET_DIAG: Fix inet_diag_lock_handler error path.

Fri, 22 Feb 2008 16:57:18 -0800 

2.6.24-stable review patch.  If anyone has any objections, please let us
know.

------------------
Upstream commit: 8cf8e5a67fb07f583aac94482ba51a7930dab493

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=9825

The inet_diag_lock_handler function uses ERR_PTR to encode errors but
its callers were testing against NULL.

This only happens when the only inet_diag modular user, DCCP, is not
built into the kernel or available as a module.

Also there was a problem with not dropping the mutex lock when a handler
was not found, also fixed in this patch.

This caused an OOPS and ss would then hang on subsequent calls, as
&inet_diag_table_mutex was being left locked.

Thanks to spike at ml.yaroslavl.ru for report it after trying 'ss -d'
on a kernel that doesn't have DCCP available.

This bug was introduced in cset
d523a328fb0271e1a763e985a21f2488fd816e7e ("Fix inet_diag dead-lock
regression"), after 2.6.24-rc3, so just 2.6.24 seems to be affected.

Signed-off-by: Arnaldo Carvalho de Melo <[EMAIL PROTECTED]>
Acked-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>

---
 net/ipv4/inet_diag.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -259,8 +259,10 @@ static int inet_diag_get_exact(struct sk
        const struct inet_diag_handler *handler;
 
        handler = inet_diag_lock_handler(nlh->nlmsg_type);
-       if (!handler)
-               return -ENOENT;
+       if (IS_ERR(handler)) {
+               err = PTR_ERR(handler);
+               goto unlock;
+       }
 
        hashinfo = handler->idiag_hashinfo;
        err = -EINVAL;
@@ -708,8 +710,8 @@ static int inet_diag_dump(struct sk_buff
        struct inet_hashinfo *hashinfo;
 
        handler = inet_diag_lock_handler(cb->nlh->nlmsg_type);
-       if (!handler)
-               goto no_handler;
+       if (IS_ERR(handler))
+               goto unlock;
 
        hashinfo = handler->idiag_hashinfo;
 
@@ -838,7 +840,6 @@ done:
        cb->args[2] = num;
 unlock:
        inet_diag_unlock_handler(handler);
-no_handler:
        return skb->len;
 }
 

-- 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to