[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <536B7D34.4050104@huawei.com>
Date: Thu, 8 May 2014 20:48:52 +0800
From: Wang Weidong <wangweidong1@...wei.com>
To: Eric Dumazet <eric.dumazet@...il.com>
CC: David Miller <davem@...emloft.net>, <kuznet@....inr.ac.ru>,
<jmorris@...ei.org>, <yoshfuji@...ux-ipv6.org>, <kaber@...sh.net>,
<netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] ipv4: fix kfree static array pointer in ipv4_sysctl_exit_net
On 2014/5/8 20:34, Eric Dumazet wrote:
> On Thu, 2014-05-08 at 15:40 +0800, Wang Weidong wrote:
>> In ipv4_sysctl_init_net, we don't kmemdup a sysctl_table for init_net,
>> so init_net->ipv4.ipv4_hdr->ctl_table_arg points to ipv4_net_table which
>> is a static array pointer. So when do ipv4_sysctl_exit_net, it will
>> free the ipv4_net_table for init_net.
>>
>> So add a check net_namespace init_net before kfree the sysctl_table.
>>
>> Signed-off-by: Wang Weidong <wangweidong1@...wei.com>
>> ---
>> net/ipv4/sysctl_net_ipv4.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
>> index 44eba05..2825577 100644
>> --- a/net/ipv4/sysctl_net_ipv4.c
>> +++ b/net/ipv4/sysctl_net_ipv4.c
>> @@ -891,7 +891,8 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
>>
>> table = net->ipv4.ipv4_hdr->ctl_table_arg;
>> unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
>> - kfree(table);
>> + if (!net_eq(net, &init_net))
>> + kfree(table);
>> }
>>
>> static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
>
> Could you explain how you can trigger this case, calling
> ipv4_sysctl_exit_net() with net == &init_net ?
>
> This would be a bug, your patch would try to hide it maybe ?
>
No.
I just trigger the similar case on sctp when I do 'rmmod -f sctp'.
Here I add the init_net case for sctp register sysctl.
Is it better to add BUG_ON(net == &init_net) maybe?
Regards
Wang
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists