| Message ID | 20210708073745.13797-1-yajun.deng@linux.dev (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | net: rtnetlink: Fix rtnl_dereference return value is NULL | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Guessed tree name to be net-next |
| netdev/subject_prefix | warning | Target tree name not specified in the subject |
| netdev/cc_maintainers | success | CCed 11 of 11 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 1 this patch: 1 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 34 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 1 this patch: 1 |
| netdev/header_inline | success | Link |
On 7/8/21 9:37 AM, Yajun Deng wrote: > rtnl_dereference() may be return NULL in rtnl_unregister(), > so add this case handling. > > Signed-off-by: Yajun Deng <yajun.deng@linux.dev> > --- > net/core/rtnetlink.c | 17 ++++++++++------- > 1 file changed, 10 insertions(+), 7 deletions(-) > I do not see a use case for this. None of rtnl_unregister() callers check the return value anyway. Can you elaborate ? If this was a bug fix, we would need a Fixes: tag. If this is something you need for an upcoming work, you would need to tag this for net-next tree. Thanks.
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index f6af3e74fc44..57ce22669b06 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -289,24 +289,27 @@ int rtnl_unregister(int protocol, int msgtype) struct rtnl_link __rcu **tab; struct rtnl_link *link; int msgindex; + int ret = -ENOENT; BUG_ON(protocol < 0 || protocol > RTNL_FAMILY_MAX); msgindex = rtm_msgindex(msgtype); rtnl_lock(); tab = rtnl_dereference(rtnl_msg_handlers[protocol]); - if (!tab) { - rtnl_unlock(); - return -ENOENT; - } + if (!tab) + goto unlock; link = rtnl_dereference(tab[msgindex]); - rcu_assign_pointer(tab[msgindex], NULL); - rtnl_unlock(); + if (!link) + goto unlock; + rcu_assign_pointer(tab[msgindex], NULL); kfree_rcu(link, rcu); + ret = 0; - return 0; +unlock: + rtnl_unlock(); + return ret; } EXPORT_SYMBOL_GPL(rtnl_unregister);
rtnl_dereference() may be return NULL in rtnl_unregister(), so add this case handling. Signed-off-by: Yajun Deng <yajun.deng@linux.dev> --- net/core/rtnetlink.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-)