2021-07-08 07:39:41

by Yajun Deng

Subject: [PATCH] net: rtnetlink: Fix rtnl_dereference return value is NULL

rtnl_dereference() may return NULL in rtnl_unregister(),
so add this case handling.

Signed-off-by: Yajun Deng <[email protected]>
---
net/core/rtnetlink.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index f6af3e74fc44..57ce22669b06 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -289,24 +289,27 @@ int rtnl_unregister(int protocol, int msgtype)
struct rtnl_link __rcu **tab;
struct rtnl_link *link;
int msgindex;
+ int ret = -ENOENT;

BUG_ON(protocol < 0 || protocol > RTNL_FAMILY_MAX);
msgindex = rtm_msgindex(msgtype);

rtnl_lock();
tab = rtnl_dereference(rtnl_msg_handlers[protocol]);
- if (!tab) {
- rtnl_unlock();
- return -ENOENT;
- }
+ if (!tab)
+ goto unlock;

link = rtnl_dereference(tab[msgindex]);
- rcu_assign_pointer(tab[msgindex], NULL);
- rtnl_unlock();
+ if (!link)
+ goto unlock;

+ rcu_assign_pointer(tab[msgindex], NULL);
kfree_rcu(link, rcu);
+ ret = 0;

- return 0;
+unlock:
+ rtnl_unlock();
+ return ret;
}
EXPORT_SYMBOL_GPL(rtnl_unregister);
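
Review bot: the new "if (!link) goto unlock;" branch changes what rtnl_unregister() returns when the table exists but no handler is registered for msgtype, from 0 to -ENOENT, and the changelog neither mentions this nor says what went wrong before when link was NULL. Please state in the commit message whether the old kfree_rcu(link, rcu) call on a NULL link actually misbehaves; if it does, this is a bug fix and should say so, and if it does not, the change is only a return-value cleanup and should be described that way. Separately, kfree_rcu(link, rcu) now runs before rtnl_unlock(), where the old code dropped the lock first. If that reordering is not intended, keep the rcu_assign_pointer(tab[msgindex], NULL) under the lock and do the free after the unlock label's rtnl_unlock(), guarded by the link check.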

--
2.32.0


2021-07-08 08:09:55

by Eric Dumazet

Subject: Re: [PATCH] net: rtnetlink: Fix rtnl_dereference return value is NULL



On 7/8/21 9:37 AM, Yajun Deng wrote:
> rtnl_dereference() may return NULL in rtnl_unregister(),
> so add this case handling.
>
> Signed-off-by: Yajun Deng <[email protected]>
> ---
> net/core/rtnetlink.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>

I do not see a use case for this.
None of rtnl_unregister() callers check the return value anyway.

Can you elaborate?

If this was a bug fix, we would need a Fixes: tag.

If this is something you need for an upcoming work, you would need to tag
this for net-next tree.

Thanks.