[mpls-linux-devel] Kernel taint in function mpls_out_op_set
From: Igor M. <ig...@et...> - 2011-08-18 09:19:19
Whomever it might concern:

Kernel taint was occurring in function *mpls_out_op_set* in file *mpls_opcode.c*. That was occurring because __refcnt of skb's dst_ops was negative after release. Because of that, skb's dst_ops should be incremented with function *dst_hold* before it is released with *dst_release*.

This is my solution for the function:

    MPLS_OUT_OPCODE_PROTOTYPE(mpls_out_op_set)
    {
    	struct mpls_dst *md = data;

    	MPLS_ENTER;
    	/* Release the current dst in the socket buffer */
    	if (skb_dst(*skb)) {
    		dst_hold(skb_dst(*skb)); //added this to avoid kernel taint: Igor Maravić <ig...@et...>
    		skb_dst_drop(*skb);
    	}

    	/*
    	 * Update the dst field of the skbuffer in "real time"
    	 */
    	dst_hold(&md->u.dst);
    	skb_dst_set(*skb, &md->u.dst);

    	/* don't hold the dev we place in skb->dev, the dst is already */
    	/* holding it for us */
    	(*skb)->dev = md->u.dst.dev;

    	MPLS_EXIT;
    	return MPLS_RESULT_SUCCESS;
    }

The old function was:

    MPLS_OUT_OPCODE_PROTOTYPE(mpls_out_op_set)
    {
    	struct mpls_dst *md = data;

    	MPLS_ENTER;
    	/* Release the current dst in the socket buffer */
    	if (skb_dst(*skb)) {
    		dst_release(skb_dst(*skb));
    	}

    	/*
    	 * Update the dst field of the skbuffer in "real time"
    	 */
    	dst_hold(&md->u.dst);
    	skb_dst_set(*skb, &md->u.dst);

    	/* don't hold the dev we place in skb->dev, the dst is already */
    	/* holding it for us */
    	(*skb)->dev = md->u.dst.dev;

    	MPLS_EXIT;
    	return MPLS_RESULT_SUCCESS;
    }

BR
Igor Maravić
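The reference accounting of the two call sequences in the message above, as an added userspace model (not code from the post or from mpls-linux, and not kernel code). The struct layouts, the `noref` flag (an skb that points at a dst without owning a counted reference), and the starting counts are assumptions made for the model; the page does not say which case the poster's kernel hit.

```c
/* Added userspace model of the dst reference accounting; not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct dst_entry { int __refcnt; };
/* noref is an assumption: the skb points at a dst without owning a counted reference */
struct sk_buff { struct dst_entry *dst; int noref; };

static void dst_hold(struct dst_entry *d) { d->__refcnt++; }
static void dst_release(struct dst_entry *d) { if (d) d->__refcnt--; }
static struct dst_entry *skb_dst(struct sk_buff *s) { return s->dst; }
static void skb_dst_set(struct sk_buff *s, struct dst_entry *d) { s->dst = d; s->noref = 0; }
/* Drops the skb's reference only if it owns one, then clears the pointer. */
static void skb_dst_drop(struct sk_buff *s) {
    if (s->dst && !s->noref) dst_release(s->dst);
    s->dst = NULL;
    s->noref = 0;
}

/* Call sequence of the old function from the post. */
static void set_old(struct sk_buff *s, struct dst_entry *nd) {
    if (skb_dst(s)) dst_release(skb_dst(s));
    dst_hold(nd);
    skb_dst_set(s, nd);
}

/* Call sequence of the posted replacement. */
static void set_posted(struct sk_buff *s, struct dst_entry *nd) {
    if (skb_dst(s)) { dst_hold(skb_dst(s)); skb_dst_drop(s); }
    dst_hold(nd);
    skb_dst_set(s, nd);
}

typedef void (*set_fn)(struct sk_buff *, struct dst_entry *);

/* Returns the old dst's __refcnt after the swap. Constructed inputs:
 * owned=1: the skb holds the single counted reference (count starts at 1),
 * owned=0: the skb holds none (count starts at 0). */
static int old_refcnt_after(set_fn set, int owned) {
    struct dst_entry old = { owned ? 1 : 0 }, nd = { 0 };
    struct sk_buff s = { &old, !owned };
    set(&s, &nd);
    return old.__refcnt;
}

int main(void) {
    printf("old,    skb owns ref: %d\n", old_refcnt_after(set_old, 1));
    printf("old,    no ref owned: %d\n", old_refcnt_after(set_old, 0));
    printf("posted, skb owns ref: %d\n", old_refcnt_after(set_posted, 1));
    printf("posted, no ref owned: %d\n", old_refcnt_after(set_posted, 0));
    return 0;
}
```

In this model the old sequence drives the old dst's count negative only when the skb held no counted reference, while the posted sequence leaves that count at 1 in both cases. A count that never returns to zero is worth checking for when reviewing a change of this shape.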