Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-11-01 Thread David Ahern
On 11/1/18 7:42 AM, Alexey Kodanev wrote:
> On 11/01/2018 04:11 PM, Alexey Kodanev wrote:
>> On 10/31/2018 08:35 PM, David Ahern wrote:
>>> On 10/31/18 10:55 AM, David Ahern wrote:
>>>> I think the simplest fix for 4.20 is to break the loop if ret is non-0 - restore the previous behavior.
>>>

Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-11-01 Thread Alexey Kodanev
On 11/01/2018 04:11 PM, Alexey Kodanev wrote:
> On 10/31/2018 08:35 PM, David Ahern wrote:
>> On 10/31/18 10:55 AM, David Ahern wrote:
>>> I think the simplest fix for 4.20 is to break the loop if ret is non-0 -
>>> restore the previous behavior.
>>
>> that is the only recourse. It has to bail if

Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-11-01 Thread Alexey Kodanev
On 10/31/2018 08:35 PM, David Ahern wrote:
> On 10/31/18 10:55 AM, David Ahern wrote:
>> I think the simplest fix for 4.20 is to break the loop if ret is non-0 -
>> restore the previous behavior.
>
> that is the only recourse. It has to bail if ret is non-0. Do you want
> to send a patch with tha

Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-10-31 Thread David Ahern
On 10/31/18 10:55 AM, David Ahern wrote:
> I think the simplest fix for 4.20 is to break the loop if ret is non-0 -
> restore the previous behavior.

that is the only recourse. It has to bail if ret is non-0. Do you want to send a patch with that fix?

Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-10-31 Thread David Ahern
On 10/31/18 12:42 AM, Alexey Kodanev wrote:
> cb->args[2] can store the pointer to the struct fib6_walker,
> allocated in inet6_dump_fib(). On the next loop iteration in
> rtnl_dump_all(), 'memset(&cb, 0, sizeof(cb->args))' can reset
> that pointer, leaking the memory [1].
>
> Fix it by calling cb

Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-10-30 Thread Alexey Kodanev
On 31.10.2018 09:42, Alexey Kodanev wrote:
> cb->args[2] can store the pointer to the struct fib6_walker,
> allocated in inet6_dump_fib(). On the next loop iteration in
> rtnl_dump_all(), 'memset(&cb, 0, sizeof(cb->args))' can reset
> that pointer, leaking the memory [1].
>

On the second thought w

[PATCH net] rtnetlink: invoke 'cb->done' destructor before 'cb->args' reset

2018-10-30 Thread Alexey Kodanev
cb->args[2] can store the pointer to the struct fib6_walker, allocated in inet6_dump_fib(). On the next loop iteration in rtnl_dump_all(), 'memset(&cb, 0, sizeof(cb->args))' can reset that pointer, leaking the memory [1]. Fix it by calling cb->done, if it is set, before filling 'cb->args' with zer