summaryrefslogtreecommitdiffstats
path: root/net/ipv6/ip6_fib.c
diff options
context:
space:
mode:
authorThomas Graf <tgraf@suug.ch>2012-06-15 01:00:17 +0200
committerDavid S. Miller <davem@davemloft.net>2012-06-16 00:30:15 +0200
commit2a0c451ade8e1783c5d453948289e4a978d417c9 (patch)
tree136dbbaf024f45200848ec371368668872545a2e /net/ipv6/ip6_fib.c
parentqlcnic: off by one in qlcnic_init_pci_info() (diff)
downloadlinux-2a0c451ade8e1783c5d453948289e4a978d417c9.tar.xz
linux-2a0c451ade8e1783c5d453948289e4a978d417c9.zip
ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
/proc/net/ipv6_route reflects the contents of fib_table_hash. The proc handler is installed in ip6_route_net_init() whereas fib_table_hash is allocated in fib6_net_init() _after_ the proc handler has been installed. This opens up a short time frame to access fib_table_hash with its pants down. fib6_init() as a whole can't be moved to an earlier position as it also registers the rtnetlink message handlers which should be registered at the end. Therefore split it into fib6_init() which is run early and fib6_init_late() to register the rtnetlink message handlers. Signed-off-by: Thomas Graf <tgraf@suug.ch> Reviewed-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ip6_fib.c')
-rw-r--r--net/ipv6/ip6_fib.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 74c21b924a79..fbd4afff05fa 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1692,21 +1692,25 @@ int __init fib6_init(void)
ret = register_pernet_subsys(&fib6_net_ops);
if (ret)
goto out_kmem_cache_create;
-
- ret = __rtnl_register(PF_INET6, RTM_GETROUTE, NULL, inet6_dump_fib,
- NULL);
- if (ret)
- goto out_unregister_subsys;
out:
return ret;
-out_unregister_subsys:
- unregister_pernet_subsys(&fib6_net_ops);
out_kmem_cache_create:
kmem_cache_destroy(fib6_node_kmem);
goto out;
}
+int __init fib6_init_late(void)
+{
+ return __rtnl_register(PF_INET6, RTM_GETROUTE, NULL, inet6_dump_fib,
+ NULL);
+}
+
+void fib6_cleanup_late(void)
+{
+ rtnl_unregister(PF_INET6, RTM_GETROUTE);
+}
+
void fib6_gc_cleanup(void)
{
unregister_pernet_subsys(&fib6_net_ops);