    genetlink: fix family dump race · 58ad436f
    Johannes Berg authored
    When dumping generic netlink families, only the first dump call
    is locked with genl_lock(), which protects the list of families,
    and thus subsequent calls can access the data without locking,
    racing against family addition/removal. This can cause a crash.
    Fix it - the locking needs to be conditional because the first
    time around it's already locked.
    
    A similar bug was reported to me on an old kernel (3.4.47) but
    the exact scenario that happened there is no longer possible,
    on those kernels the first round wasn't locked either. Looking
    at the current code I found the race described above, which had
    also existed on the old kernel.
    
    Cc: stable@vger.kernel.org
    Reported-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
genetlink.c 24.2 KB