On Mon, Apr 1, 2019 at 1:05 AM dust.li <[email protected]> wrote:
>
> From: Dust Li <[email protected]>
>
> When tcp_sk_init() failed in inet_ctl_sock_create(),
> 'net->ipv4.tcp_congestion_control' will be left
> uninitialized, but tcp_sk_exit() hasn't check for
> that.
>
> This patch add checking on 'net->ipv4.tcp_congestion_control'
> in tcp_sk_exit() to prevent NULL-ptr dereference.
>
> Signed-off-by: Dust Li <[email protected]>
Fixes: 6670e1524477 ("tcp: Namespace-ify sysctl_tcp_default_congestion_control")
Signed-off-by: Eric Dumazet <[email protected]>
Thanks.
> ---
> net/ipv4/tcp_ipv4.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> index 277d71239d75..2f8039a26b08 100644
> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -2578,7 +2578,8 @@ static void __net_exit tcp_sk_exit(struct net *net)
> {
> int cpu;
>
> - module_put(net->ipv4.tcp_congestion_control->owner);
> + if (net->ipv4.tcp_congestion_control)
> + module_put(net->ipv4.tcp_congestion_control->owner);
>
> for_each_possible_cpu(cpu)
> inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv4.tcp_sk, cpu));
> --
> 2.14.4.44.g2045bb6
>
From: Eric Dumazet <[email protected]>
Date: Mon, 1 Apr 2019 02:23:39 -0700
> On Mon, Apr 1, 2019 at 1:05 AM dust.li <[email protected]> wrote:
>>
>> From: Dust Li <[email protected]>
>>
>> When tcp_sk_init() failed in inet_ctl_sock_create(),
>> 'net->ipv4.tcp_congestion_control' will be left
>> uninitialized, but tcp_sk_exit() hasn't check for
>> that.
>>
>> This patch add checking on 'net->ipv4.tcp_congestion_control'
>> in tcp_sk_exit() to prevent NULL-ptr dereference.
>>
>> Signed-off-by: Dust Li <[email protected]>
>
> Fixes: 6670e1524477 ("tcp: Namespace-ify sysctl_tcp_default_congestion_control")
> Signed-off-by: Eric Dumazet <[email protected]>
This patch didn't make it to the list for whatever reason, but I applied it and
have it queued up for -stable.
Thanks.