Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/1375587/?format=api
{ "id": 1375587, "url": "http://patchwork.ozlabs.org/api/patches/1375587/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/20201002094604.480c760e3c47.I7811da1539351a26cd0e5a10b98a8842cfbc1b55@changeid/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20201002094604.480c760e3c47.I7811da1539351a26cd0e5a10b98a8842cfbc1b55@changeid>", "list_archive_url": null, "date": "2020-10-02T07:46:04", "name": "netlink: fix policy dump leak", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "ab63d6d259959ee461184ce665e1f0404ee930d3", "submitter": { "id": 265, "url": "http://patchwork.ozlabs.org/api/people/265/?format=api", "name": "Johannes Berg", "email": "johannes@sipsolutions.net" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/20201002094604.480c760e3c47.I7811da1539351a26cd0e5a10b98a8842cfbc1b55@changeid/mbox/", "series": [ { "id": 205530, "url": "http://patchwork.ozlabs.org/api/series/205530/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=205530", "date": "2020-10-02T07:46:04", "name": "netlink: fix policy dump leak", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/205530/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/1375587/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/1375587/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming-netdev@ozlabs.org", "Delivered-To": "patchwork-incoming-netdev@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=23.128.96.18; helo=vger.kernel.org;\n envelope-from=netdev-owner@vger.kernel.org; receiver=<UNKNOWN>)", "ozlabs.org;\n dmarc=none (p=none dis=none) header.from=sipsolutions.net" ], "Received": [ "from vger.kernel.org (vger.kernel.org [23.128.96.18])\n\tby ozlabs.org (Postfix) with ESMTP id 4C2hrs1JcFz9sSC\n\tfor <patchwork-incoming-netdev@ozlabs.org>;\n Fri, 2 Oct 2020 17:46:37 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n id S1726292AbgJBHqg (ORCPT\n <rfc822;patchwork-incoming-netdev@ozlabs.org>);\n Fri, 2 Oct 2020 03:46:36 -0400", "from lindbergh.monkeyblade.net ([23.128.96.19]:49086 \"EHLO\n lindbergh.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n with ESMTP id S1725971AbgJBHqf (ORCPT\n <rfc822;netdev@vger.kernel.org>); Fri, 2 Oct 2020 03:46:35 -0400", "from sipsolutions.net (s3.sipsolutions.net\n [IPv6:2a01:4f8:191:4433::2])\n by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B7D38C0613D0\n for <netdev@vger.kernel.org>; Fri, 2 Oct 2020 00:46:35 -0700 (PDT)", "by sipsolutions.net with esmtpsa\n (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)\n (Exim 4.94)\n (envelope-from <johannes@sipsolutions.net>)\n id 1kOFlx-00F7Ma-3e; Fri, 02 Oct 2020 09:46:33 +0200" ], "From": "Johannes Berg <johannes@sipsolutions.net>", "To": "netdev@vger.kernel.org", "Cc": "Jakub Kicinski <kuba@kernel.org>,\n Johannes Berg <johannes.berg@intel.com>", "Subject": "[PATCH] netlink: fix policy dump leak", "Date": "Fri, 2 Oct 2020 09:46:04 +0200", "Message-Id": "\n <20201002094604.480c760e3c47.I7811da1539351a26cd0e5a10b98a8842cfbc1b55@changeid>", "X-Mailer": "git-send-email 2.26.2", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "From: Johannes Berg <johannes.berg@intel.com>\n\nIf userspace doesn't complete the policy dump, we leak the\nallocated state. Fix this.\n\nFixes: d07dcf9aadd6 (\"netlink: add infrastructure to expose policies to userspace\")\nSigned-off-by: Johannes Berg <johannes.berg@intel.com>\n---\nFound this while looking at Jakub's series and the complete op dump\nthat I said I'd do ...\n\nJakub, this conflicts with your series now, of course. Not sure how\nwe want to handle that?\n---\n include/net/netlink.h | 3 ++-\n net/netlink/genetlink.c | 9 ++++++++-\n net/netlink/policy.c | 24 ++++++++++--------------\n 3 files changed, 20 insertions(+), 16 deletions(-)", "diff": "diff --git a/include/net/netlink.h b/include/net/netlink.h\nindex 8e0eb2c9c528..271620f6bc7f 100644\n--- a/include/net/netlink.h\n+++ b/include/net/netlink.h\n@@ -1934,7 +1934,8 @@ void nla_get_range_signed(const struct nla_policy *pt,\n int netlink_policy_dump_start(const struct nla_policy *policy,\n \t\t\t unsigned int maxtype,\n \t\t\t unsigned long *state);\n-bool netlink_policy_dump_loop(unsigned long *state);\n+bool netlink_policy_dump_loop(unsigned long state);\n int netlink_policy_dump_write(struct sk_buff *skb, unsigned long state);\n+void netlink_policy_dump_free(unsigned long state);\n \n #endif\ndiff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c\nindex 1eb65a7a27fd..c4b4d3376227 100644\n--- a/net/netlink/genetlink.c\n+++ b/net/netlink/genetlink.c\n@@ -1079,7 +1079,7 @@ static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb)\n \tif (err)\n \t\treturn err;\n \n-\twhile (netlink_policy_dump_loop(&cb->args[1])) {\n+\twhile (netlink_policy_dump_loop(cb->args[1])) {\n \t\tvoid *hdr;\n \t\tstruct nlattr *nest;\n \n@@ -1113,6 +1113,12 @@ static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb)\n \treturn skb->len;\n }\n \n+static int ctrl_dumppolicy_done(struct netlink_callback *cb)\n+{\n+\tnetlink_policy_dump_free(cb->args[1]);\n+\treturn 0;\n+}\n+\n static const struct genl_ops genl_ctrl_ops[] = {\n \t{\n \t\t.cmd\t\t= CTRL_CMD_GETFAMILY,\n@@ -1123,6 +1129,7 @@ static const struct genl_ops genl_ctrl_ops[] = {\n \t{\n \t\t.cmd\t\t= CTRL_CMD_GETPOLICY,\n \t\t.dumpit\t\t= ctrl_dumppolicy,\n+\t\t.done\t\t= ctrl_dumppolicy_done,\n \t},\n };\n \ndiff --git a/net/netlink/policy.c b/net/netlink/policy.c\nindex 641ffbdd977a..0176b59ce530 100644\n--- a/net/netlink/policy.c\n+++ b/net/netlink/policy.c\n@@ -84,7 +84,6 @@ int netlink_policy_dump_start(const struct nla_policy *policy,\n \tunsigned int policy_idx;\n \tint err;\n \n-\t/* also returns 0 if \"*_state\" is our ERR_PTR() end marker */\n \tif (*_state)\n \t\treturn 0;\n \n@@ -140,21 +139,11 @@ static bool netlink_policy_dump_finished(struct nl_policy_dump *state)\n \t !state->policies[state->policy_idx].policy;\n }\n \n-bool netlink_policy_dump_loop(unsigned long *_state)\n+bool netlink_policy_dump_loop(unsigned long _state)\n {\n-\tstruct nl_policy_dump *state = (void *)*_state;\n-\n-\tif (IS_ERR(state))\n-\t\treturn false;\n-\n-\tif (netlink_policy_dump_finished(state)) {\n-\t\tkfree(state);\n-\t\t/* store end marker instead of freed state */\n-\t\t*_state = (unsigned long)ERR_PTR(-ENOENT);\n-\t\treturn false;\n-\t}\n+\tstruct nl_policy_dump *state = (void *)_state;\n \n-\treturn true;\n+\treturn !netlink_policy_dump_finished(state);\n }\n \n int netlink_policy_dump_write(struct sk_buff *skb, unsigned long _state)\n@@ -309,3 +298,10 @@ int netlink_policy_dump_write(struct sk_buff *skb, unsigned long _state)\n \tnla_nest_cancel(skb, policy);\n \treturn -ENOBUFS;\n }\n+\n+void netlink_policy_dump_free(unsigned long _state)\n+{\n+\tstruct nl_policy_dump *state = (void *)_state;\n+\n+\tkfree(state);\n+}\n", "prefixes": [] }