In nsim_fib_init(),if register_fib_notifier failed,nsim_fib_net_ops should be unregistered before return;
In nsim_fib_exit(),unregister_fib_notifier should be called before nsim_fib_net_ops be unregistered, otherwise may cause use-after-free
More detailed information can refer to: https://lkml.org/lkml/2019/10/11/216 kernel inclusion from:kernel-4.19 commit:2dca76fa95bf03c15bdcacd7cfa8f974c1a799f6 category:bugfix bugzilla:NA CVE:NA
Signed-off-by: liaichun 513565428@qq.com DESC:fix netdevsim resource leak
--- drivers/net/netdevsim/fib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/netdevsim/fib.c b/drivers/net/netdevsim/fib.c index f61d094..d5c01b8 100644 --- a/drivers/net/netdevsim/fib.c +++ b/drivers/net/netdevsim/fib.c @@ -241,8 +241,8 @@ static int __net_init nsim_fib_netns_init(struct net *net)
void nsim_fib_exit(void) { - unregister_pernet_subsys(&nsim_fib_net_ops); unregister_fib_notifier(&nsim_fib_nb); + unregister_pernet_subsys(&nsim_fib_net_ops); }
int nsim_fib_init(void) @@ -257,6 +257,7 @@ int nsim_fib_init(void)
err = register_fib_notifier(&nsim_fib_nb, nsim_fib_dump_inconsistent); if (err < 0) { + unregister_pernet_subsys(&nsim_fib_net_ops); pr_err("Failed to register fib notifier\n"); goto err_out; }