diff options
| author |  Jiri Pirko <jiri@mellanox.com>
| 2019-10-08 12:31:43 +0200 |
|---|---|---|
| committer |  Jakub Kicinski <jakub.kicinski@netronome.com>
| 2019-10-08 18:00:08 -0700 |
| commit | ab5b526da0485ac4af3d395e5ce1c04b1bfbb89c (patch) | |
| tree | 0dfc9c44e377d41c26efcdf4f0884e14f50d20e8 /net/tipc | |
| parent | Merge branch 'hns3-next' into net-next (diff) | |
| download | linux-ab5b526da0485ac4af3d395e5ce1c04b1bfbb89c.tar.gz linux-ab5b526da0485ac4af3d395e5ce1c04b1bfbb89c.tar.bz2 linux-ab5b526da0485ac4af3d395e5ce1c04b1bfbb89c.zip | |
net: genetlink: always allocate separate attrs for dumpit ops
Individual dumpit ops (start, dumpit, done) are locked by genl_lock
if !family->parallel_ops. However, multiple
genl_family_rcv_msg_dumpit() calls may in in flight in parallel.
Each has a separate struct genl_dumpit_info allocated
but they share the same family->attrbuf. Fix this by allocating separate
memory for attrs for dumpit ops, for non-parallel_ops (for parallel_ops
it is done already).
Reported-by: syzbot+495688b736534bb6c6ad@syzkaller.appspotmail.com
Reported-by: syzbot+ff59dc711f2cff879a05@syzkaller.appspotmail.com
Reported-by: syzbot+dbe02e13bcce52bcf182@syzkaller.appspotmail.com
Reported-by: syzbot+9cb7edb2906ea1e83006@syzkaller.appspotmail.com
Fixes: bf813b0afeae ("net: genetlink: parse attrs and store in contect info struct during dumpit")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Diffstat (limited to 'net/tipc')
0 files changed, 0 insertions, 0 deletions