
[net-2.6] key: Free dumping state on socket close

Message ID 48E35713.6030200@iki.fi
State Accepted, archived

Commit Message

Timo Teras Oct. 1, 2008, 10:55 a.m. UTC
Fix a xfrm_{state,policy}_walk leak if pfkey socket is closed while
dumping is on-going.

Signed-off-by: Timo Teras <timo.teras@iki.fi>
---
Should go to -stable too.

 net/key/af_key.c |   30 +++++++++++++++++++-----------
 1 files changed, 19 insertions(+), 11 deletions(-)

Comments

David Miller Oct. 1, 2008, 12:34 p.m. UTC | #1
From: Timo Teräs <timo.teras@iki.fi>
Date: Wed, 01 Oct 2008 13:55:15 +0300

> Fix a xfrm_{state,policy}_walk leak if pfkey socket is closed while
> dumping is on-going.
> 
> Signed-off-by: Timo Teras <timo.teras@iki.fi>
> ---
> Should go to -stable too.

Applied and queued for -stable, thanks!

Patch

diff --git a/net/key/af_key.c b/net/key/af_key.c
index d628df9..b7f5a1c 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -73,22 +73,18 @@  static int pfkey_can_dump(struct sock *sk)
 	return 0;
 }
 
-static int pfkey_do_dump(struct pfkey_sock *pfk)
+static void pfkey_terminate_dump(struct pfkey_sock *pfk)
 {
-	int rc;
-
-	rc = pfk->dump.dump(pfk);
-	if (rc == -ENOBUFS)
-		return 0;
-
-	pfk->dump.done(pfk);
-	pfk->dump.dump = NULL;
-	pfk->dump.done = NULL;
-	return rc;
+	if (pfk->dump.dump) {
+		pfk->dump.done(pfk);
+		pfk->dump.dump = NULL;
+		pfk->dump.done = NULL;
+	}
 }
 
 static void pfkey_sock_destruct(struct sock *sk)
 {
+	pfkey_terminate_dump(pfkey_sk(sk));
 	skb_queue_purge(&sk->sk_receive_queue);
 
 	if (!sock_flag(sk, SOCK_DEAD)) {
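Review bot: In `pfkey_terminate_dump()` the guard tests `pfk->dump.dump` but the call goes through `pfk->dump.done`, so the helper is only safe while both pointers are always set and cleared as a pair, which this hunk does not show. Now that it also runs from `pfkey_sock_destruct()`, a one-line comment above it would record that, for example `/* dump.dump and dump.done are set and cleared together; done() releases the walk state held for an unfinished dump */`. It is also worth confirming that every `done` callback (defined outside this diff) may be called from the socket destructor's context. `pfkey_sock_destruct()` continues past the end of the hunk.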
@@ -310,6 +306,18 @@  static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
 	return err;
 }
 
+static int pfkey_do_dump(struct pfkey_sock *pfk)
+{
+	int rc;
+
+	rc = pfk->dump.dump(pfk);
+	if (rc == -ENOBUFS)
+		return 0;
+
+	pfkey_terminate_dump(pfk);
+	return rc;
+}
+
 static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig)
 {
 	*new = *orig;
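Review bot: `pfkey_do_dump()` has no comment explaining that a `-ENOBUFS` result is reported as 0 and deliberately leaves `dump.dump`/`dump.done` set so the dump can continue later. That retained state is what the commit message describes as leaking on socket close, so the contract deserves stating at the function, e.g. `/* Returns 0 and keeps the dump state when the callback returns -ENOBUFS; any other result ends the dump */`. The function also calls `pfk->dump.dump` without a NULL check, so its callers (outside this diff) presumably guard it; the same comment could say so.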