Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 7891cc818967e186be68caac32d84bfd0a3f0bd2

Authored by Herbert Xu
Committed by David S. Miller
1 parent 33966dd0e2
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

ipv6: Fix fib6_dump_table walker leak 

When a fib6 table dump is prematurely ended, we won't unlink
its walker from the list.  This causes all sorts of grief for
other users of the list later.

Reported-by: Chris Caputo <ccaputo@alt.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 8 additions and 7 deletions Side-by-side Diff

... ... @@ -298,6 +298,10 @@
298 298 struct fib6_walker_t *w = (void*)cb->args[2];
299 299  
300 300 if (w) {
  301 + if (cb->args[4]) {
  302 + cb->args[4] = 0;
  303 + fib6_walker_unlink(w);
  304 + }
301 305 cb->args[2] = 0;
302 306 kfree(w);
303 307 }
304 308  
305 309  
... ... @@ -330,15 +334,12 @@
330 334 read_lock_bh(&table->tb6_lock);
331 335 res = fib6_walk_continue(w);
332 336 read_unlock_bh(&table->tb6_lock);
333   - if (res != 0) {
334   - if (res < 0)
335   - fib6_walker_unlink(w);
336   - goto end;
  337 + if (res <= 0) {
  338 + fib6_walker_unlink(w);
  339 + cb->args[4] = 0;
337 340 }
338   - fib6_walker_unlink(w);
339   - cb->args[4] = 0;
340 341 }
341   -end:
  342 +
342 343 return res;
343 344 }
344 345