kernel will crash in oops if genlmsg_put return NULL,
so add the sanity check.
Signed-off-by: Haishuang Yan <[email protected]>
---
net/openvswitch/datapath.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 2d4c4d3..ceb1b1e 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -474,6 +474,10 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
upcall = genlmsg_put(user_skb, 0, 0, &dp_packet_genl_family,
0, upcall_info->cmd);
+ if (!upcall) {
+ err = -EMSGSIZE;
+ goto out;
+ }
upcall->dp_ifindex = dp_ifindex;
err = ovs_nla_put_key(key, key, OVS_PACKET_ATTR_KEY, false, user_skb);
--
1.8.3.1
On Mon, Nov 28, 2016 at 8:36 PM, Haishuang Yan
<[email protected]> wrote:
> kernel will crash in oops if genlmsg_put return NULL,
> so add the sanity check.
>
> Signed-off-by: Haishuang Yan <[email protected]>
> ---
> net/openvswitch/datapath.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
> index 2d4c4d3..ceb1b1e 100644
> --- a/net/openvswitch/datapath.c
> +++ b/net/openvswitch/datapath.c
> @@ -474,6 +474,10 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
>
> upcall = genlmsg_put(user_skb, 0, 0, &dp_packet_genl_family,
> 0, upcall_info->cmd);
> + if (!upcall) {
> + err = -EMSGSIZE;
> + goto out;
> + }
user_skb has already enough space allocated, so there is no need to
check upcall pointer.