Re: [PATCH] fix use after free in netlink_kernel_create()

From: Andrew Morton
Date: Sun Aug 13 2006 - 13:41:54 EST

Next message: Alan Cox: "Re: [PATCH for review] [123/145] i386: make fault notifierunconditional and export it"
Previous message: Andrew Morton: "Re: 2.6.18-rc3-mm2 (+ hotfixes): GPF related to skge on suspend"
In reply to: Patrick McHardy: "Re: [PATCH] fix use after free in netlink_kernel_create()"
Next in thread: Patrick McHardy: "Re: [PATCH] fix use after free in netlink_kernel_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 13 Aug 2006 13:52:58 +0200
Patrick McHardy <kaber@xxxxxxxxx> wrote:

> Akinobu Mita wrote:
> > This patch invalidates nl_table by setting NULL when netlink
> > initialization failed. Otherwise netlink_kernel_create() would
> > access nl_table which has already been freed.
>
>
> Quite a few users of netlink_kernel_create will panic when creating
> the socket fails (rtnetlink for example, which is always present),
> so you might as well call panic here directly.

That's a bit lame. Panicing at do_initcalls() time is OK (something is
seriously screwed anyway) but we usually try to handle the ENOMEM nicely if
it happens at modprobe-time.

(It's all pretty theoretical anyway - reasonable-sized GFP_KERNEL
allocations don't fail).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH for review] [123/145] i386: make fault notifierunconditional and export it"
Previous message: Andrew Morton: "Re: 2.6.18-rc3-mm2 (+ hotfixes): GPF related to skge on suspend"
In reply to: Patrick McHardy: "Re: [PATCH] fix use after free in netlink_kernel_create()"
Next in thread: Patrick McHardy: "Re: [PATCH] fix use after free in netlink_kernel_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]