kill_inet_sock() expects an rtnl_handle instance to be passed via the inet_diag_arg argument. However, on the following calling path:
generic_show_sock => show_one_inet_sock => kill_inet_sock rth field of inet_diag_arg is not filled with the address of rhn_handle instance. As the result ss crashes. This commit fills the field with newly created rhn_handle instance. Changes in v2: Instead of creating rtn_handle instances for each socket, create one in upper layer and reuse it.
Signed-off-by: Masatake YAMATO <yam...@redhat.com>
---
 misc/ss.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index 29a25070..e047f9c0 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -239,6 +239,7 @@ struct filter {
 uint64_t families;
 struct ssfilter *f;
 bool kill;
+ struct rtnl_handle *rth_for_killing;
 };
 #define FAMILY_MASK(family) ((uint64_t)1 << (family))
@@ -4262,6 +4263,7 @@ static int generic_show_sock(const struct sockaddr_nl *addr,
 switch (r->sdiag_family) {
 case AF_INET:
 case AF_INET6:
+ inet_arg.rth = inet_arg.f->rth_for_killing;
 return show_one_inet_sock(addr, nlh, &inet_arg);
 case AF_UNIX:
 return unix_show_sock(addr, nlh, arg);
@@ -4280,7 +4282,7 @@ static int handle_follow_request(struct filter *f)
 {
 int ret = 0;
 int groups = 0;
- struct rtnl_handle rth;
+ struct rtnl_handle rth, rth2;
 if (f->families & FAMILY_MASK(AF_INET) && f->dbs & (1 << TCP_DB))
 groups |= 1 << (SKNLGRP_INET_TCP_DESTROY - 1);
@@ -4300,10 +4302,20 @@ static int handle_follow_request(struct filter *f)
 rth.dump = 0;
 rth.local.nl_pid = 0;
+ if (f->kill) {
+ if (rtnl_open_byproto(&rth2, groups, NETLINK_SOCK_DIAG)) {
+ rtnl_close(&rth);
+ return -1;
+ }
+ f->rth_for_killing = &rth2;
+ }
+
 if (rtnl_dump_filter(&rth, generic_show_sock, f))
 ret = -1;
 rtnl_close(&rth);
+ if (f->rth_for_killing)
+ rtnl_close(f->rth_for_killing);
 return ret;
 }
-- 2.14.3
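Review bot: The new rth_for_killing member of struct filter carries no comment saying who owns the handle or when the pointer is valid, yet the only consumer in this patch (the `if (f->rth_for_killing)` close in handle_follow_request) treats non-NULL as "an open handle", which silently requires the field to start out NULL. That holds only if every struct filter instance is zero-initialized, which I cannot confirm from the hunk. Suggest stating the contract on the field: `struct rtnl_handle *rth_for_killing; /* set by handle_follow_request while kill is active; NULL otherwise */`. struct filter itself begins before the hunk.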
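Review bot: After `rtnl_close(f->rth_for_killing)` the filter still holds the address of the stack local rth2, so once handle_follow_request returns the pointer is dangling, and any later pass through generic_show_sock would copy it into inet_arg.rth and hand it to kill_inet_sock. Clearing it with the close keeps the field honest: `if (f->rth_for_killing) { rtnl_close(f->rth_for_killing); f->rth_for_killing = NULL; }`. Separately, rth2 is opened with the same `groups` mask as the dump socket although it only ever sends kill requests; if it does not need the destroy notifications, opening it with 0 avoids queuing events on a socket nothing reads (I cannot see from here whether rtnl_talk drains them). The opening lines of handle_follow_request sit in the previous hunk.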