ipsec: Fix aborted xfrm policy dump crash (1137b5e2) · Commits · 戴 / test

net/xfrm/xfrm_user.c

+15 −10

Original line number	Diff line number	Diff line
		@@ -1693,32 +1693,34 @@ static int dump_one_policy(struct xfrm_policy xp, int dir, int count, void ptr

		static int xfrm_dump_policy_done(struct netlink_callback *cb)
		{
		struct xfrm_policy_walk walk = (struct xfrm_policy_walk ) &cb->args[1];
		struct xfrm_policy_walk walk = (struct xfrm_policy_walk )cb->args;
		struct net *net = sock_net(cb->skb->sk);

		xfrm_policy_walk_done(walk, net);
		return 0;
		}

		static int xfrm_dump_policy_start(struct netlink_callback *cb)
		{
		struct xfrm_policy_walk walk = (struct xfrm_policy_walk )cb->args;

		BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args));

		xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
		return 0;
		}

		static int xfrm_dump_policy(struct sk_buff skb, struct netlink_callback cb)
		{
		struct net *net = sock_net(skb->sk);
		struct xfrm_policy_walk walk = (struct xfrm_policy_walk ) &cb->args[1];
		struct xfrm_policy_walk walk = (struct xfrm_policy_walk )cb->args;
		struct xfrm_dump_info info;

		BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) >
		sizeof(cb->args) - sizeof(cb->args[0]));

		info.in_skb = cb->skb;
		info.out_skb = skb;
		info.nlmsg_seq = cb->nlh->nlmsg_seq;
		info.nlmsg_flags = NLM_F_MULTI;

		if (!cb->args[0]) {
		cb->args[0] = 1;
		xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
		}

		(void) xfrm_policy_walk(net, walk, dump_one_policy, &info);

		return skb->len;
		@@ -2474,6 +2476,7 @@ static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = {

		static const struct xfrm_link {
		int (doit)(struct sk_buff , struct nlmsghdr , struct nlattr *);
		int (start)(struct netlink_callback );
		int (dump)(struct sk_buff , struct netlink_callback *);
		int (done)(struct netlink_callback );
		const struct nla_policy *nla_pol;
		@@ -2487,6 +2490,7 @@ static const struct xfrm_link {
		[XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
		[XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy },
		[XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy,
		.start = xfrm_dump_policy_start,
		.dump = xfrm_dump_policy,
		.done = xfrm_dump_policy_done },
		[XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
		@@ -2539,6 +2543,7 @@ static int xfrm_user_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh,

		{
		struct netlink_dump_control c = {
		.start = link->start,
		.dump = link->dump,
		.done = link->done,
		};

Admin message