[Query] regarding sock_ioctl in linux kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 Hi everybody,


I was viewing the linux source code (version 2.6.9 )
for socket APIs.

in function sock_ioctl() [file net/socket.c.]
I found that the kernel is handling the socket pointer
without any check.
Even in 'default' case it is calling
sock->ops->ioctl() without checking whether the
sock->ops having value or not.

Is this assumed that the kernel will call the
sock_ioctl only when the socket data structure/ file
structure/socket substructure  exists, or there is
some other reason for not putting checks before
calling file operations in sock_ioctl

There may be case when someone may alloc socket in
init module and map it to file descriptor using
sock_map_fd() and increament its reference count using
fget().

And at cleanup time it releases the socket using
sock_release() without unmaping file descriptor and
decreamenting the referenece count.

and  socket->file would be NULL without freeing the
inode number when sock_release returns. So at reboot
time many network process may try to use this socket
beacause inode is not being  released. In this case
kernel may crash.?

If anyone could explain this that would be very nice.
Please keep me in cc.
TIA

Regards,
Satinder

Send instant messages to your online friends http://in.messenger.yahoo.com 
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux