ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1462

User:	Jiri Slaby
Error type:	Leaving function in locked state
Error type description:	Some lock is not unlocked on all paths of a function, so it is leaked
File location:	net/ax25/ax25_route.c
Line in file:	259
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Stanse (1.2)
Entered:	2012-05-21 20:30:05 UTC
Source:

  1/*
  2 * This program is free software; you can redistribute it and/or modify
  3 * it under the terms of the GNU General Public License as published by
  4 * the Free Software Foundation; either version 2 of the License, or
  5 * (at your option) any later version.
  6 *
  7 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
  8 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
  9 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
 10 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
 11 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
 12 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
 13 */
 14
 15#include <linux/capability.h>
 16#include <linux/errno.h>
 17#include <linux/types.h>
 18#include <linux/socket.h>
 19#include <linux/timer.h>
 20#include <linux/in.h>
 21#include <linux/kernel.h>
 22#include <linux/sched.h>
 23#include <linux/string.h>
 24#include <linux/sockios.h>
 25#include <linux/net.h>
 26#include <net/ax25.h>
 27#include <linux/inet.h>
 28#include <linux/netdevice.h>
 29#include <linux/if_arp.h>
 30#include <linux/skbuff.h>
 31#include <linux/spinlock.h>
 32#include <net/sock.h>
 33#include <asm/uaccess.h>
 34#include <asm/system.h>
 35#include <linux/fcntl.h>
 36#include <linux/mm.h>
 37#include <linux/interrupt.h>
 38#include <linux/init.h>
 39#include <linux/seq_file.h>
 40
 41static ax25_route *ax25_route_list;
 42static DEFINE_RWLOCK(ax25_route_lock);
 43
 44void ax25_rt_device_down(struct net_device *dev)
 45{
 46        ax25_route *s, *t, *ax25_rt;
 47
 48        write_lock_bh(&ax25_route_lock);
 49        ax25_rt = ax25_route_list;
 50        while (ax25_rt != NULL) {
 51                s       = ax25_rt;
 52                ax25_rt = ax25_rt->next;
 53
 54                if (s->dev == dev) {
 55                        if (ax25_route_list == s) {
 56                                ax25_route_list = s->next;
 57                                kfree(s->digipeat);
 58                                kfree(s);
 59                        } else {
 60                                for (t = ax25_route_list; t != NULL; t = t->next) {
 61                                        if (t->next == s) {
 62                                                t->next = s->next;
 63                                                kfree(s->digipeat);
 64                                                kfree(s);
 65                                                break;
 66                                        }
 67                                }
 68                        }
 69                }
 70        }
 71        write_unlock_bh(&ax25_route_lock);
 72}
 73
 74static int __must_check ax25_rt_add(struct ax25_routes_struct *route)
 75{
 76        ax25_route *ax25_rt;
 77        ax25_dev *ax25_dev;
 78        int i;
 79
 80        if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL)
 81                return -EINVAL;
 82        if (route->digi_count > AX25_MAX_DIGIS)
 83                return -EINVAL;
 84
 85        write_lock_bh(&ax25_route_lock);
 86
 87        ax25_rt = ax25_route_list;
 88        while (ax25_rt != NULL) {
 89                if (ax25cmp(&ax25_rt->callsign, &route->dest_addr) == 0 &&
 90                            ax25_rt->dev == ax25_dev->dev) {
 91                        kfree(ax25_rt->digipeat);
 92                        ax25_rt->digipeat = NULL;
 93                        if (route->digi_count != 0) {
 94                                if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
 95                                        write_unlock_bh(&ax25_route_lock);
 96                                        return -ENOMEM;
 97                                }
 98                                ax25_rt->digipeat->lastrepeat = -1;
 99                                ax25_rt->digipeat->ndigi      = route->digi_count;
100                                for (i = 0; i < route->digi_count; i++) {
101                                        ax25_rt->digipeat->repeated[i] = 0;
102                                        ax25_rt->digipeat->calls[i]    = route->digi_addr[i];
103                                }
104                        }
105                        write_unlock_bh(&ax25_route_lock);
106                        return 0;
107                }
108                ax25_rt = ax25_rt->next;
109        }
110
111        if ((ax25_rt = kmalloc(sizeof(ax25_route), GFP_ATOMIC)) == NULL) {
112                write_unlock_bh(&ax25_route_lock);
113                return -ENOMEM;
114        }
115
116        atomic_set(&ax25_rt->refcount, 1);
117        ax25_rt->callsign     = route->dest_addr;
118        ax25_rt->dev          = ax25_dev->dev;
119        ax25_rt->digipeat     = NULL;
120        ax25_rt->ip_mode      = ' ';
121        if (route->digi_count != 0) {
122                if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
123                        write_unlock_bh(&ax25_route_lock);
124                        kfree(ax25_rt);
125                        return -ENOMEM;
126                }
127                ax25_rt->digipeat->lastrepeat = -1;
128                ax25_rt->digipeat->ndigi      = route->digi_count;
129                for (i = 0; i < route->digi_count; i++) {
130                        ax25_rt->digipeat->repeated[i] = 0;
131                        ax25_rt->digipeat->calls[i]    = route->digi_addr[i];
132                }
133        }
134        ax25_rt->next   = ax25_route_list;
135        ax25_route_list = ax25_rt;
136        write_unlock_bh(&ax25_route_lock);
137
138        return 0;
139}
140
141void __ax25_put_route(ax25_route *ax25_rt)
142{
143        kfree(ax25_rt->digipeat);
144        kfree(ax25_rt);
145}
146
147static int ax25_rt_del(struct ax25_routes_struct *route)
148{
149        ax25_route *s, *t, *ax25_rt;
150        ax25_dev *ax25_dev;
151
152        if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL)
153                return -EINVAL;
154
155        write_lock_bh(&ax25_route_lock);
156
157        ax25_rt = ax25_route_list;
158        while (ax25_rt != NULL) {
159                s       = ax25_rt;
160                ax25_rt = ax25_rt->next;
161                if (s->dev == ax25_dev->dev &&
162                    ax25cmp(&route->dest_addr, &s->callsign) == 0) {
163                        if (ax25_route_list == s) {
164                                ax25_route_list = s->next;
165                                ax25_put_route(s);
166                        } else {
167                                for (t = ax25_route_list; t != NULL; t = t->next) {
168                                        if (t->next == s) {
169                                                t->next = s->next;
170                                                ax25_put_route(s);
171                                                break;
172                                        }
173                                }
174                        }
175                }
176        }
177        write_unlock_bh(&ax25_route_lock);
178
179        return 0;
180}
181
182static int ax25_rt_opt(struct ax25_route_opt_struct *rt_option)
183{
184        ax25_route *ax25_rt;
185        ax25_dev *ax25_dev;
186        int err = 0;
187
188        if ((ax25_dev = ax25_addr_ax25dev(&rt_option->port_addr)) == NULL)
189                return -EINVAL;
190
191        write_lock_bh(&ax25_route_lock);
192
193        ax25_rt = ax25_route_list;
194        while (ax25_rt != NULL) {
195                if (ax25_rt->dev == ax25_dev->dev &&
196                    ax25cmp(&rt_option->dest_addr, &ax25_rt->callsign) == 0) {
197                        switch (rt_option->cmd) {
198                        case AX25_SET_RT_IPMODE:
199                                switch (rt_option->arg) {
200                                case ' ':
201                                case 'D':
202                                case 'V':
203                                        ax25_rt->ip_mode = rt_option->arg;
204                                        break;
205                                default:
206                                        err = -EINVAL;
207                                        goto out;
208                                }
209                                break;
210                        default:
211                                err = -EINVAL;
212                                goto out;
213                        }
214                }
215                ax25_rt = ax25_rt->next;
216        }
217
218out:
219        write_unlock_bh(&ax25_route_lock);
220        return err;
221}
222
223int ax25_rt_ioctl(unsigned int cmd, void __user *arg)
224{
225        struct ax25_route_opt_struct rt_option;
226        struct ax25_routes_struct route;
227
228        switch (cmd) {
229        case SIOCADDRT:
230                if (copy_from_user(&route, arg, sizeof(route)))
231                        return -EFAULT;
232                return ax25_rt_add(&route);
233
234        case SIOCDELRT:
235                if (copy_from_user(&route, arg, sizeof(route)))
236                        return -EFAULT;
237                return ax25_rt_del(&route);
238
239        case SIOCAX25OPTRT:
240                if (copy_from_user(&rt_option, arg, sizeof(rt_option)))
241                        return -EFAULT;
242                return ax25_rt_opt(&rt_option);
243
244        default:
245                return -EINVAL;
246        }
247}
248
249#ifdef CONFIG_PROC_FS
250
251static void *ax25_rt_seq_start(struct seq_file *seq, loff_t *pos)
252        __acquires(ax25_route_lock)
253{
254        struct ax25_route *ax25_rt;
255        int i = 1;
256
257        read_lock(&ax25_route_lock);
258        if (*pos == 0)
259                return SEQ_START_TOKEN;
260
261        for (ax25_rt = ax25_route_list; ax25_rt != NULL; ax25_rt = ax25_rt->next) {
262                if (i == *pos)
263                        return ax25_rt;
264                ++i;
265        }
266
267        return NULL;
268}
269
270static void *ax25_rt_seq_next(struct seq_file *seq, void *v, loff_t *pos)
271{
272        ++*pos;
273        return (v == SEQ_START_TOKEN) ? ax25_route_list :
274                ((struct ax25_route *) v)->next;
275}
276
277static void ax25_rt_seq_stop(struct seq_file *seq, void *v)
278        __releases(ax25_route_lock)
279{
280        read_unlock(&ax25_route_lock);
281}
282
283static int ax25_rt_seq_show(struct seq_file *seq, void *v)
284{
285        char buf[11];
286
287        if (v == SEQ_START_TOKEN)
288                seq_puts(seq, "callsign  dev  mode digipeaters\n");
289        else {
290                struct ax25_route *ax25_rt = v;
291                const char *callsign;
292                int i;
293
294                if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0)
295                        callsign = "default";
296                else
297                        callsign = ax2asc(buf, &ax25_rt->callsign);
298
299                seq_printf(seq, "%-9s %-4s",
300                        callsign,
301                        ax25_rt->dev ? ax25_rt->dev->name : "???");
302
303                switch (ax25_rt->ip_mode) {
304                case 'V':
305                        seq_puts(seq, "   vc");
306                        break;
307                case 'D':
308                        seq_puts(seq, "   dg");
309                        break;
310                default:
311                        seq_puts(seq, "    *");
312                        break;
313                }
314
315                if (ax25_rt->digipeat != NULL)
316                        for (i = 0; i < ax25_rt->digipeat->ndigi; i++)
317                                seq_printf(seq, " %s",
318                                     ax2asc(buf, &ax25_rt->digipeat->calls[i]));
319
320                seq_puts(seq, "\n");
321        }
322        return 0;
323}
324
325static const struct seq_operations ax25_rt_seqops = {
326        .start = ax25_rt_seq_start,
327        .next = ax25_rt_seq_next,
328        .stop = ax25_rt_seq_stop,
329        .show = ax25_rt_seq_show,
330};
331
332static int ax25_rt_info_open(struct inode *inode, struct file *file)
333{
334        return seq_open(file, &ax25_rt_seqops);
335}
336
337const struct file_operations ax25_route_fops = {
338        .owner = THIS_MODULE,
339        .open = ax25_rt_info_open,
340        .read = seq_read,
341        .llseek = seq_lseek,
342        .release = seq_release,
343};
344
345#endif
346
347/*
348 *        Find AX.25 route
349 *
350 *        Only routes with a reference count of zero can be destroyed.
351 */
352ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev)
353{
354        ax25_route *ax25_spe_rt = NULL;
355        ax25_route *ax25_def_rt = NULL;
356        ax25_route *ax25_rt;
357
358        read_lock(&ax25_route_lock);
359        /*
360         *        Bind to the physical interface we heard them on, or the default
361         *        route if none is found;
362         */
363        for (ax25_rt = ax25_route_list; ax25_rt != NULL; ax25_rt = ax25_rt->next) {
364                if (dev == NULL) {
365                        if (ax25cmp(&ax25_rt->callsign, addr) == 0 && ax25_rt->dev != NULL)
366                                ax25_spe_rt = ax25_rt;
367                        if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0 && ax25_rt->dev != NULL)
368                                ax25_def_rt = ax25_rt;
369                } else {
370                        if (ax25cmp(&ax25_rt->callsign, addr) == 0 && ax25_rt->dev == dev)
371                                ax25_spe_rt = ax25_rt;
372                        if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0 && ax25_rt->dev == dev)
373                                ax25_def_rt = ax25_rt;
374                }
375        }
376
377        ax25_rt = ax25_def_rt;
378        if (ax25_spe_rt != NULL)
379                ax25_rt = ax25_spe_rt;
380
381        if (ax25_rt != NULL)
382                ax25_hold_route(ax25_rt);
383
384        read_unlock(&ax25_route_lock);
385
386        return ax25_rt;
387}
388
389/*
390 *        Adjust path: If you specify a default route and want to connect
391 *      a target on the digipeater path but w/o having a special route
392 *        set before, the path has to be truncated from your target on.
393 */
394static inline void ax25_adjust_path(ax25_address *addr, ax25_digi *digipeat)
395{
396        int k;
397
398        for (k = 0; k < digipeat->ndigi; k++) {
399                if (ax25cmp(addr, &digipeat->calls[k]) == 0)
400                        break;
401        }
402
403        digipeat->ndigi = k;
404}
405
406
407/*
408 *        Find which interface to use.
409 */
410int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr)
411{
412        ax25_uid_assoc *user;
413        ax25_route *ax25_rt;
414        int err;
415
416        if ((ax25_rt = ax25_get_route(addr, NULL)) == NULL)
417                return -EHOSTUNREACH;
418
419        if ((ax25->ax25_dev = ax25_dev_ax25dev(ax25_rt->dev)) == NULL) {
420                err = -EHOSTUNREACH;
421                goto put;
422        }
423
424        user = ax25_findbyuid(current->euid);
425        if (user) {
426                ax25->source_addr = user->call;
427                ax25_uid_put(user);
428        } else {
429                if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) {
430                        err = -EPERM;
431                        goto put;
432                }
433                ax25->source_addr = *(ax25_address *)ax25->ax25_dev->dev->dev_addr;
434        }
435
436        if (ax25_rt->digipeat != NULL) {
437                ax25->digipeat = kmemdup(ax25_rt->digipeat, sizeof(ax25_digi),
438                                         GFP_ATOMIC);
439                if (ax25->digipeat == NULL) {
440                        err = -ENOMEM;
441                        goto put;
442                }
443                ax25_adjust_path(addr, ax25->digipeat);
444        }
445
446        if (ax25->sk != NULL) {
447                bh_lock_sock(ax25->sk);
448                sock_reset_flag(ax25->sk, SOCK_ZAPPED);
449                bh_unlock_sock(ax25->sk);
450        }
451
452put:
453        ax25_put_route(ax25_rt);
454
455        return 0;
456}
457
458struct sk_buff *ax25_rt_build_path(struct sk_buff *skb, ax25_address *src,
459        ax25_address *dest, ax25_digi *digi)
460{
461        struct sk_buff *skbn;
462        unsigned char *bp;
463        int len;
464
465        len = digi->ndigi * AX25_ADDR_LEN;
466
467        if (skb_headroom(skb) < len) {
468                if ((skbn = skb_realloc_headroom(skb, len)) == NULL) {
469                        printk(KERN_CRIT "AX.25: ax25_dg_build_path - out of memory\n");
470                        return NULL;
471                }
472
473                if (skb->sk != NULL)
474                        skb_set_owner_w(skbn, skb->sk);
475
476                kfree_skb(skb);
477
478                skb = skbn;
479        }
480
481        bp = skb_push(skb, len);
482
483        ax25_addr_build(bp, src, dest, digi, AX25_COMMAND, AX25_MODULUS);
484
485        return skb;
486}
487
488/*
489 *        Free all memory associated with routing structures.
490 */
491void __exit ax25_rt_free(void)
492{
493        ax25_route *s, *ax25_rt = ax25_route_list;
494
495        write_lock_bh(&ax25_route_lock);
496        while (ax25_rt != NULL) {
497                s       = ax25_rt;
498                ax25_rt = ax25_rt->next;
499
500                kfree(s->digipeat);
501                kfree(s);
502        }
503        write_unlock_bh(&ax25_route_lock);
504}