• Tom Herbert's avatar
    ila: Fix crash caused by rhashtable changes · 1913540a
    Tom Herbert authored
    commit ca26893f ("rhashtable: Add rhlist interface")
    added a field to rhashtable_iter so that length became 56 bytes
    and would exceed the size of args in netlink_callback (which is
    48 bytes). The netlink diag dump function already has been
    allocating a iter structure and storing the pointed to that
    in the args of netlink_callback. ila_xlat also uses
    rhahstable_iter but is still putting that directly in
    the arg block. Now since rhashtable_iter size is increased
    we are overwriting beyond the structure. The next field
    happens to be cb_mutex pointer in netlink_sock and hence the crash.
    
    Fix is to alloc the rhashtable_iter and save it as pointer
    in arg.
    
    Tested:
    
      modprobe ila
      ./ip ila add loc 3333:0:0:0 loc_match 2222:0:0:1,
      ./ip ila list  # NO crash now
    Signed-off-by: default avatarTom Herbert <tom@herbertland.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    1913540a
ila_xlat.c 13.8 KB