Message ID | 20180314201023.12407-1-nicolas.dichtel@6wind.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Series | [net] netlink: avoid a double skb free in genlmsg_mcast() |
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed, 14 Mar 2018 21:10:23 +0100

> nlmsg_multicast() consumes always the skb, thus the original skb must be
> freed only when this function is called with a clone.
>
> Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()")
> Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Yeah these "clone until final send" loops can be tricky to manage.

Good catch, applied and queued up for -stable, thanks.
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 6f02499ef007..b9ce82c9440f 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -1106,7 +1106,7 @@ static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group, if (!err) delivered = true; else if (err != -ESRCH) - goto error; + return err; return delivered ? 0 : -ESRCH; error: kfree_skb(skb);
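Review bot: The new `return err;` in the final `else if (err != -ESRCH)` branch skips the `error:` label without a comment saying why, and the `kfree_skb(skb)` that remains under that label makes the asymmetry easy to "tidy up" back into a `goto error` later. A one-line comment on the return, for example `/* nlmsg_multicast() has already consumed skb */`, would record in the code the ownership rule that the commit message states. It is also worth confirming that every remaining `goto error` is reached only while this function still owns the original skb, since those jumps are outside the lines shown in this hunk.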
nlmsg_multicast() consumes always the skb, thus the original skb must be
freed only when this function is called with a clone.

Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()")
Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 net/netlink/genetlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)