summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2013-09-21 16:56:10 +0200
committerDavid S. Miller <davem@davemloft.net>2013-09-27 17:32:17 -0400
commit0a67d3efa4e3223452c96d8c962d7c077ef80ff3 (patch)
tree7a6690e9cf93deb539b25dd006f11e555c3ae3a6
parent8d2ca1d7b5c3e63b3a8a81ae99015b615c5f2bf7 (diff)
downloadlinux-0a67d3efa4e3223452c96d8c962d7c077ef80ff3.tar.gz
ipv6: compare sernum when walking fib for /proc/net/ipv6_route as safety net
This patch provides an additional safety net against NULL pointer dereferences while walking the fib trie for the new /proc/net/ipv6_route walkers. I never needed it myself and am unsure if it is needed at all, but the same checks where introduced in 2bec5a369ee79576a3eea2c23863325089785a2c ("ipv6: fib: fix crash when changing large fib while dumping it") to fix NULL pointer bugs. This patch is separated from the first patch to make it easier to revert if we are sure we can drop this logic. Cc: Ben Greear <greearb@candelatech.com> Cc: Patrick McHardy <kaber@trash.net> Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv6/ip6_fib.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 05ffa54fcf21..5550a8113a6d 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1771,6 +1771,7 @@ struct ipv6_route_iter {
struct fib6_walker_t w;
loff_t skip;
struct fib6_table *tbl;
+ __u32 sernum;
};
static int ipv6_route_seq_show(struct seq_file *seq, void *v)
@@ -1823,6 +1824,7 @@ static void ipv6_route_seq_setup_walk(struct ipv6_route_iter *iter)
iter->w.state = FWS_INIT;
iter->w.node = iter->w.root;
iter->w.args = iter;
+ iter->sernum = iter->w.root->fn_sernum;
INIT_LIST_HEAD(&iter->w.lh);
fib6_walker_link(&iter->w);
}
@@ -1848,6 +1850,17 @@ static struct fib6_table *ipv6_route_seq_next_table(struct fib6_table *tbl,
return hlist_entry_safe(node, struct fib6_table, tb6_hlist);
}
+static void ipv6_route_check_sernum(struct ipv6_route_iter *iter)
+{
+ if (iter->sernum != iter->w.root->fn_sernum) {
+ iter->sernum = iter->w.root->fn_sernum;
+ iter->w.state = FWS_INIT;
+ iter->w.node = iter->w.root;
+ WARN_ON(iter->w.skip);
+ iter->w.skip = iter->w.count;
+ }
+}
+
static void *ipv6_route_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
int r;
@@ -1865,6 +1878,7 @@ static void *ipv6_route_seq_next(struct seq_file *seq, void *v, loff_t *pos)
}
iter_table:
+ ipv6_route_check_sernum(iter);
read_lock(&iter->tbl->tb6_lock);
r = fib6_walk_continue(&iter->w);
read_unlock(&iter->tbl->tb6_lock);