ipv6: Fix fib6_dump_table walker leak
When a fib6 table dump is prematurely ended, we won't unlink its walker from the list. This causes all sorts of grief for other users of the list later. Reported-by: Chris Caputo <ccaputo@alt.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>hifive-unleashed-5.1
parent
33966dd0e2
commit
7891cc8189
|
@ -298,6 +298,10 @@ static void fib6_dump_end(struct netlink_callback *cb)
|
||||||
struct fib6_walker_t *w = (void*)cb->args[2];
|
struct fib6_walker_t *w = (void*)cb->args[2];
|
||||||
|
|
||||||
if (w) {
|
if (w) {
|
||||||
|
if (cb->args[4]) {
|
||||||
|
cb->args[4] = 0;
|
||||||
|
fib6_walker_unlink(w);
|
||||||
|
}
|
||||||
cb->args[2] = 0;
|
cb->args[2] = 0;
|
||||||
kfree(w);
|
kfree(w);
|
||||||
}
|
}
|
||||||
|
@ -330,15 +334,12 @@ static int fib6_dump_table(struct fib6_table *table, struct sk_buff *skb,
|
||||||
read_lock_bh(&table->tb6_lock);
|
read_lock_bh(&table->tb6_lock);
|
||||||
res = fib6_walk_continue(w);
|
res = fib6_walk_continue(w);
|
||||||
read_unlock_bh(&table->tb6_lock);
|
read_unlock_bh(&table->tb6_lock);
|
||||||
if (res != 0) {
|
if (res <= 0) {
|
||||||
if (res < 0)
|
fib6_walker_unlink(w);
|
||||||
fib6_walker_unlink(w);
|
cb->args[4] = 0;
|
||||||
goto end;
|
|
||||||
}
|
}
|
||||||
fib6_walker_unlink(w);
|
|
||||||
cb->args[4] = 0;
|
|
||||||
}
|
}
|
||||||
end:
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue