Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp287454pxv; Thu, 8 Jul 2021 02:33:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwyiTKUBX2dz3nKMOviQwDtLc4LGgmwOCa1B8eU1zrBMRNLNYS/PGsL0PsDLAGrll8DuoGt X-Received: by 2002:a05:6402:5203:: with SMTP id s3mr30137415edd.353.1625736812351; Thu, 08 Jul 2021 02:33:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625736812; cv=none; d=google.com; s=arc-20160816; b=adCXJEAhwZwWgo0FZlcTAVNzou0uNJ0YdfL3+ZQtl87IlD7JDKPL4bR2IKoZLlQZOT /I7ulRezd07Y/QBsPruKz37Dv56eNXn3kWSCfUTkFwYqah15PSOYPYp45Be94DVIA3bh CfOKtQ220lE34oa+IczVCNsRd3IImIzIv3UVht8yKxj71RN6MM31UiQwoMvOo6ejhVvY SCqWS69A4XjxXY9aaFB1ROSI3NPmnK7OcZy0XhtGkgzkoNigrJnSxZwO4/G/lkYZhOPT T2CcsQSi9p7hx69TtsK9eyD1NYm2Can0fCqmYUKsXLth1Tdk80eiyTRiySxh7uub2ZSB EdUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=F+3S4xnK9TmTf0ZoWZseFYs+ALq/OEM1GTjw6tmkjAk=; b=qhDYjTmPlL3vVUgD7jhutGEzd9AD3UoIzwswP7LW+sWO0JjVMj2RoFZwul8pORs6hU tYDNRp4B/iF6DwkApKl2uNx/IFv1xNvKxoePkNv4mivPp7PkA9NcsHAeSL9xgTSteskj 43t+Je7NCpwlUguQ55YWf7wS4aoHoexDiOp4NSQCNYzFx3GVl4LLVX5PMaE+cyntidCY tVMq2V8j72CMQKYw0HHE50kqDrmtBZUwJ8mA3IR7Hh/mbvl+anJaqzu6AQ5wL+Y4BCFb 3YpucNRRHQbVjOfXJ7W4UGGnIibGrJQdk0XYAbTOlVIiGJx75AAUmxM3LKWEU3PTfBoc 7spw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=j6onS+7D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h3si2237462edf.193.2021.07.08.02.33.10; Thu, 08 Jul 2021 02:33:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=j6onS+7D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231493AbhGHJco (ORCPT + 99 others); Thu, 8 Jul 2021 05:32:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38460 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231483AbhGHJcn (ORCPT ); Thu, 8 Jul 2021 05:32:43 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 592EAC06175F; Thu, 8 Jul 2021 02:30:02 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1625736598; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=F+3S4xnK9TmTf0ZoWZseFYs+ALq/OEM1GTjw6tmkjAk=; b=j6onS+7DFYt1n5sXnypetUJq5castzHqm7cgZ1KX9nqLEDiAAFHVdeAztdSbMii3cHoS4M 8rMwIaouzxrpFmHWFqfpMva0RX+419g2osXXVkpoYtA2srSR+BSQSFV89PSzEH6qCvoCYb 3quJTGIUy17k3fDL3ZsCN2LTJPp3NHQ= From: Yajun Deng To: davem@davemloft.net, kuba@kernel.org, ryazanov.s.a@gmail.com, johannes.berg@intel.com, avagin@gmail.com, vladimir.oltean@nxp.com, cong.wang@bytedance.com, roopa@cumulusnetworks.com, yajun.deng@linux.dev, zhudi21@huawei.com, edumazet@google.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] net: rtnetlink: Fix rtnl_dereference may be return NULL Date: Thu, 8 Jul 2021 17:29:36 +0800 Message-Id: <20210708092936.20044-1-yajun.deng@linux.dev> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: yajun.deng@linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The value 'link' may be NULL in rtnl_unregister(), this leads to kfree_rcu(NULL, xxx), so add this case handling. And modify the return value to 'void' in rtnl_unregister(). there is no case using it. Fixes: addf9b90de22 (net: rtnetlink: use rcu to free rtnl message handlers) Fixes: 51e13685bd93 (rtnetlink: RCU-annotate both dimensions of rtnl_msg_handlers) Signed-off-by: Yajun Deng --- include/net/rtnetlink.h | 2 +- net/core/rtnetlink.c | 18 ++++++++---------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h index 384e800665f2..9d263ad9ea48 100644 --- a/include/net/rtnetlink.h +++ b/include/net/rtnetlink.h @@ -17,7 +17,7 @@ void rtnl_register(int protocol, int msgtype, rtnl_doit_func, rtnl_dumpit_func, unsigned int flags); int rtnl_register_module(struct module *owner, int protocol, int msgtype, rtnl_doit_func, rtnl_dumpit_func, unsigned int flags); -int rtnl_unregister(int protocol, int msgtype); +void rtnl_unregister(int protocol, int msgtype); void rtnl_unregister_all(int protocol); static inline int rtnl_msg_family(const struct nlmsghdr *nlh) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index f6af3e74fc44..e80177c195a5 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -281,10 +281,8 @@ void rtnl_register(int protocol, int msgtype, * rtnl_unregister - Unregister a rtnetlink message type * @protocol: Protocol family or PF_UNSPEC * @msgtype: rtnetlink message type - * - * Returns 0 on success or a negative error code. */ -int rtnl_unregister(int protocol, int msgtype) +void rtnl_unregister(int protocol, int msgtype) { struct rtnl_link __rcu **tab; struct rtnl_link *link; @@ -295,18 +293,18 @@ int rtnl_unregister(int protocol, int msgtype) rtnl_lock(); tab = rtnl_dereference(rtnl_msg_handlers[protocol]); - if (!tab) { - rtnl_unlock(); - return -ENOENT; - } + if (!tab) + goto unlock; link = rtnl_dereference(tab[msgindex]); - rcu_assign_pointer(tab[msgindex], NULL); - rtnl_unlock(); + if (!link) + goto unlock; + rcu_assign_pointer(tab[msgindex], NULL); kfree_rcu(link, rcu); - return 0; +unlock: + rtnl_unlock(); } EXPORT_SYMBOL_GPL(rtnl_unregister); -- 2.32.0