Message ID | 20210708073745.13797-1-yajun.deng@linux.dev |
---|---|
State | New |
Series | net: rtnetlink: Fix rtnl_dereference return value is NULL |

On 7/8/21 9:37 AM, Yajun Deng wrote:
> rtnl_dereference() may return NULL in rtnl_unregister(),
> so add this case handling.
>
> Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
> ---
>  net/core/rtnetlink.c | 17 ++++++++++-------
>  1 file changed, 10 insertions(+), 7 deletions(-)
>

I do not see a use case for this. None of rtnl_unregister() callers check the return value anyway.

Can you elaborate?

If this was a bug fix, we would need a Fixes: tag.

If this is something you need for an upcoming work, you would need to tag this for net-next tree.

Thanks.

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index f6af3e74fc44..57ce22669b06 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -289,24 +289,27 @@ int rtnl_unregister(int protocol, int msgtype) struct rtnl_link __rcu **tab; struct rtnl_link *link; int msgindex; + int ret = -ENOENT; BUG_ON(protocol < 0 || protocol > RTNL_FAMILY_MAX); msgindex = rtm_msgindex(msgtype); rtnl_lock(); tab = rtnl_dereference(rtnl_msg_handlers[protocol]); - if (!tab) { - rtnl_unlock(); - return -ENOENT; - } + if (!tab) + goto unlock; link = rtnl_dereference(tab[msgindex]); - rcu_assign_pointer(tab[msgindex], NULL); - rtnl_unlock(); + if (!link) + goto unlock; + rcu_assign_pointer(tab[msgindex], NULL); kfree_rcu(link, rcu); + ret = 0; - return 0; +unlock: + rtnl_unlock(); + return ret; } EXPORT_SYMBOL_GPL(rtnl_unregister);
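
Review bot: the new "if (!link) goto unlock;" branch makes rtnl_unregister() return -ENOENT when no handler is registered for msgtype, where the old code returned 0, and the changelog does not say what actually goes wrong today when link is NULL. Please state whether handing a NULL link to kfree_rcu(link, rcu) is a real fault (in which case a Fixes: tag is needed) or whether this is only a return-value cleanup. Separately, the goto restructuring moves kfree_rcu(link, rcu) from after rtnl_unlock() to before it, so the call now runs with the rtnl lock held; if that reordering is intended, mention it in the changelog.
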

rtnl_dereference() may return NULL in rtnl_unregister(),
so add this case handling.

Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
---
 net/core/rtnetlink.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)