Bug 132894

Summary: ipv6 doesn't call sock_unregister() if initialization fails
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Jesse Michael <jmichael>
Component: Kernel Assignee: Olaf Kirch <okir>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Proposed patch

Description Jesse Michael 2005-11-09 09:41:54 UTC
If ipv6 initialization fails (e.g. if CAP_NET_RAW is disabled using the LSM framework), the fail path in inet6_init() doesn't call sock_unregister().

This leaves the AF_INET6 entry in the net_families[] array pointing at outer space and causes any ipv6-aware applications to oops when __sock_create() tries to access net_families[family]->owner.

This was found on 2.6.13-15-default, but the mainline 2.6.14 kernel has the same problem so we should push the fix upstream also.
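
A userspace C model of the failure described in this report, added here as an illustration; it is not the attached patch and not kernel code. `later_init_step`, `inet6_init_model`, `sock_create_model` and `MODEL_AF_INET6` are assumed names, and `sock_register()`/`sock_unregister()` are simplified stand-ins for the kernel functions.

```c
#include <errno.h>
#include <stddef.h>

#define NPROTO 32
#define MODEL_AF_INET6 10               /* value of AF_INET6 on Linux */

struct net_proto_family { int family; const char *owner; };
static const struct net_proto_family *net_families[NPROTO];

/* Simplified userspace stand-ins for the kernel's registry functions. */
static int sock_register(const struct net_proto_family *f)
{
    if (f->family < 0 || f->family >= NPROTO) return -ENOBUFS;
    if (net_families[f->family]) return -EEXIST;
    net_families[f->family] = f;
    return 0;
}
static void sock_unregister(int family) { net_families[family] = NULL; }

static const struct net_proto_family inet6_family_ops = { MODEL_AF_INET6, "ipv6" };

/* Hypothetical later init step; fail != 0 simulates e.g. a denied capability. */
static int later_init_step(int fail) { return fail ? -EPERM : 0; }

/* unwind == 0 models the reported fail path, unwind != 0 one that unregisters. */
static int inet6_init_model(int fail_later, int unwind)
{
    int err = sock_register(&inet6_family_ops);
    if (err) return err;
    err = later_init_step(fail_later);
    if (err) goto out_unregister;
    return 0;
out_unregister:
    if (unwind) sock_unregister(MODEL_AF_INET6);  /* undo in reverse order */
    return err;
}

/* Lookup as in __sock_create(): a non-NULL table entry is dereferenced. */
static int sock_create_model(int family)
{
    if (family < 0 || family >= NPROTO || !net_families[family])
        return -EAFNOSUPPORT;
    return net_families[family]->owner != NULL ? 0 : -EINVAL;
}

int main(void)
{
    int err = inet6_init_model(1, 1);             /* init fails, fail path unwinds */
    return (err == -EPERM && sock_create_model(MODEL_AF_INET6) == -EAFNOSUPPORT) ? 0 : 1;
}
```

In the model the stale entry still points at valid static data, so the lookup merely succeeds when it should not; in the kernel case reported here the same lookup oopses.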
Comment 1 Olaf Kirch 2005-11-10 09:30:53 UTC
Created attachment 56952
Proposed patch

This should do the trick. Please test.
Comment 2 Olaf Kirch 2005-11-11 10:20:20 UTC
Patches applied to HEAD and 10.0 trees.
Comment 3 Jesse Michael 2005-11-16 07:23:25 UTC
The attached patch worked on my SLES9 SP3 test box and the corresponding 2.6.14 patch I grabbed using a "getpac kernel-default" worked on my SUSE Linux 10.0 box.  
Comment 4 Olaf Kirch 2005-12-12 10:35:50 UTC
Fine, thanks! I also submitted this upstream.