Message-Id: <20130619.004711.1012726896714145860.davem@davemloft.net>
Date: Wed, 19 Jun 2013 00:47:11 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: torvalds@...ux-foundation.org
Cc: johannes@...solutions.net, linville@...driver.com,
linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: nl80211 NULL pointer dereference

From: Linus Torvalds <torvalds@...ux-foundation.org>
Date: Tue, 18 Jun 2013 16:24:57 -1000

> And yes, the code checks that for being non-NULL at the top of the
> function, but maybe there is a race with something else setting it to
> NULL? There is a kzalloc(GFP_KERNEL) in between, so it doesn't even
> have to be a very small race...

The nl80211 code uses a flag for each netlink command to determine
whether the RTNL mutex should be held across the operation.

This is handled in the pre_doit and post_doit methods implemented
in nl80211.c.

And this operation, in fact, just so happens to be one that doesn't
have the "take the RTNL mutex" flag set.

But for internal consistency of the netlink message itself, the RTNL
mutex should not matter. It's in a private SKB buffer which is in use
only by the ->doit() method.
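
Added example, not part of the original message and not code from nl80211.c: a single-threaded userspace model of the flag-gated locking described above, where pre_doit and post_doit take and release a lock only for commands whose flag is set. All names (MODEL_FLAG_NEED_RTNL, model_op, rtnl_held, dispatch) are hypothetical, and the mutex is modelled as a plain integer.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
#define MODEL_FLAG_NEED_RTNL 0x1

static int rtnl_held;                 /* stands in for the RTNL mutex */

struct model_op {
    const char *name;
    unsigned int internal_flags;      /* per-command locking flag */
    int (*doit)(void);
};

/* Handler reports whether the "mutex" was held while it ran. */
static int report_lock_state(void) { return rtnl_held; }

static void pre_doit(const struct model_op *op)
{
    if (op->internal_flags & MODEL_FLAG_NEED_RTNL)
        rtnl_held = 1;                /* where the real code would lock */
}

static void post_doit(const struct model_op *op)
{
    if (op->internal_flags & MODEL_FLAG_NEED_RTNL)
        rtnl_held = 0;                /* where the real code would unlock */
}

static const struct model_op ops[] = {
    { "cmd_with_flag",    MODEL_FLAG_NEED_RTNL, report_lock_state },
    { "cmd_without_flag", 0,                    report_lock_state },
};

/* pre_doit, ->doit(), post_doit; returns what doit observed. */
static int dispatch(size_t idx)
{
    int held;

    pre_doit(&ops[idx]);
    held = ops[idx].doit();
    post_doit(&ops[idx]);
    return held;
}

int main(void)
{
    for (size_t i = 0; i < sizeof(ops) / sizeof(ops[0]); i++)
        printf("%-16s lock held in doit: %d\n", ops[i].name, dispatch(i));
    return 0;
}
```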