https://github.com/torvalds/linux
Revision 62ff373da2534534c55debe6c724c7fe14adb97f authored by Chen Zhongjin on 01 November 2022, 09:37:22 UTC, committed by Jakub Kicinski on 03 November 2022, 03:42:09 UTC
In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called
without any error handling.
If it fails, registering of &smc_net_ops won't be reverted.
And if smc_nl_init() fails, &smc_net_stat_ops itself won't be reverted.
This leaves wild ops in subsystem linkedlist and when another module
tries to call register_pernet_operations() it triggers page fault:
BUG: unable to handle page fault for address: fffffbfff81b964c
RIP: 0010:register_pernet_operations+0x1b9/0x5f0
Call Trace:
<TASK>
register_pernet_subsys+0x29/0x40
ebtables_init+0x58/0x1000 [ebtables]
...
Fixes: 194730a9beb5 ("net/smc: Make SMC statistics network namespace aware")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Reviewed-by: Tony Lu <tonylu@linux.alibaba.com>
Reviewed-by: Wenjia Zhang <wenjia@linux.ibm.com>
Link: https://lore.kernel.org/r/20221101093722.127223-1-chenzhongjin@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
1 parent 2ae3411
Tip revision: 62ff373da2534534c55debe6c724c7fe14adb97f authored by Chen Zhongjin on 01 November 2022, 09:37:22 UTC
net/smc: Fix possible leaked pernet namespace in smc_init()
net/smc: Fix possible leaked pernet namespace in smc_init()
Tip revision: 62ff373
| File | Mode | Size |
|---|---|---|
| Makefile | -rw-r--r-- | 366 bytes |
| advise.c | -rw-r--r-- | 2.1 KB |
| advise.h | -rw-r--r-- | 316 bytes |
| alloc_cache.h | -rw-r--r-- | 1.1 KB |
| cancel.c | -rw-r--r-- | 7.2 KB |
| cancel.h | -rw-r--r-- | 579 bytes |
| epoll.c | -rw-r--r-- | 1.5 KB |
| epoll.h | -rw-r--r-- | 213 bytes |
| fdinfo.c | -rw-r--r-- | 6.5 KB |
| fdinfo.h | -rw-r--r-- | 100 bytes |
| filetable.c | -rw-r--r-- | 4.4 KB |
| filetable.h | -rw-r--r-- | 2.1 KB |
| fs.c | -rw-r--r-- | 6.6 KB |
| fs.h | -rw-r--r-- | 929 bytes |
| io-wq.c | -rw-r--r-- | 33.4 KB |
| io-wq.h | -rw-r--r-- | 2.0 KB |
| io_uring.c | -rw-r--r-- | 105.9 KB |
| io_uring.h | -rw-r--r-- | 9.6 KB |
| kbuf.c | -rw-r--r-- | 13.2 KB |
| kbuf.h | -rw-r--r-- | 3.6 KB |
| msg_ring.c | -rw-r--r-- | 4.1 KB |
| msg_ring.h | -rw-r--r-- | 178 bytes |
| net.c | -rw-r--r-- | 35.9 KB |
| net.h | -rw-r--r-- | 2.2 KB |
| nop.c | -rw-r--r-- | 498 bytes |
| nop.h | -rw-r--r-- | 168 bytes |
| notif.c | -rw-r--r-- | 1.8 KB |
| notif.h | -rw-r--r-- | 896 bytes |
| opdef.c | -rw-r--r-- | 11.9 KB |
| opdef.h | -rw-r--r-- | 1.3 KB |
| openclose.c | -rw-r--r-- | 6.1 KB |
| openclose.h | -rw-r--r-- | 596 bytes |
| poll.c | -rw-r--r-- | 25.6 KB |
| poll.h | -rw-r--r-- | 1006 bytes |
| refs.h | -rw-r--r-- | 1.2 KB |
| rsrc.c | -rw-r--r-- | 31.4 KB |
| rsrc.h | -rw-r--r-- | 4.5 KB |
| rw.c | -rw-r--r-- | 27.1 KB |
| rw.h | -rw-r--r-- | 705 bytes |
| slist.h | -rw-r--r-- | 3.0 KB |
| splice.c | -rw-r--r-- | 2.9 KB |
| splice.h | -rw-r--r-- | 306 bytes |
| sqpoll.c | -rw-r--r-- | 9.5 KB |
| sqpoll.h | -rw-r--r-- | 753 bytes |
| statx.c | -rw-r--r-- | 1.6 KB |
| statx.h | -rw-r--r-- | 217 bytes |
| sync.c | -rw-r--r-- | 2.7 KB |
| sync.h | -rw-r--r-- | 460 bytes |
| tctx.c | -rw-r--r-- | 7.2 KB |
| tctx.h | -rw-r--r-- | 992 bytes |
| timeout.c | -rw-r--r-- | 16.6 KB |
| timeout.h | -rw-r--r-- | 1.2 KB |
| uring_cmd.c | -rw-r--r-- | 4.0 KB |
| uring_cmd.h | -rw-r--r-- | 494 bytes |
| xattr.c | -rw-r--r-- | 5.5 KB |
| xattr.h | -rw-r--r-- | 654 bytes |
Computing file changes ...
