Hi everybody,
I was viewing the linux source code (version 2.6.9) for socket APIs.
In function sock_ioctl() [file net/socket.c]
I found that the kernel is handling the socket pointer without any check.
Even in the 'default' case it is calling sock->ops->ioctl() without checking whether sock->ops has a value or not.
Is it assumed that the kernel will call sock_ioctl only when the socket data structure / file structure / socket substructure exists, or is there some other reason for not putting checks before calling file operations in sock_ioctl?
There may be a case when someone allocates a socket in the init module, maps it to a file descriptor using sock_map_fd() and increments its reference count using fget().
And at cleanup time it releases the socket using sock_release() without unmapping the file descriptor and decrementing the reference count.
And socket->file would be NULL without freeing the inode number when sock_release returns. So at reboot time many network processes may try to use this socket because the inode is not being released. In this case the kernel may crash?
If anyone could explain this that would be very nice.
TIA
Regards,
Satinder
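A user-space model of the lifecycle asked about, added here as an example and not code from the post or the kernel: it mirrors sock_map_fd(), fget()/fput(), the sock_close()/sock_release() path and the unchecked 'default' branch of sock_ioctl(), and contrasts balanced fput() teardown with calling sock_release() directly while the fd is still mapped. The *_model names, the dummy proto_ops and the -2 return standing in for the NULL dereference are assumptions of the model, not kernel behaviour.

```c
/* User-space model (constructed for this thread, not kernel code) of the
 * lifecycle the post describes: sock_map_fd(), fget()/fput(), sock_release(). */
#include <stdlib.h>
struct socket;
struct file { int f_count; struct socket *private_data; };
struct proto_ops { int (*ioctl)(struct socket *, unsigned cmd); };
struct socket { const struct proto_ops *ops; struct file *file; };
static int dummy_ioctl(struct socket *s, unsigned c) { return s && c ? 0 : -1; }
static const struct proto_ops dummy_ops = { dummy_ioctl };
static struct socket *sock_alloc_model(void) {
    struct socket *s = calloc(1, sizeof *s); s->ops = &dummy_ops; return s;
}
/* sock_release(): after ops->release() the kernel clears ops and file. */
static void sock_release_model(struct socket *s) { s->ops = NULL; s->file = NULL; }
static struct file *sock_map_fd_model(struct socket *s) {  /* the fd holds one ref */
    struct file *f = calloc(1, sizeof *f);
    f->f_count = 1; f->private_data = s; s->file = f; return f;
}
static void fget_model(struct file *f) { f->f_count++; }
static int fput_model(struct file *f) {                 /* 1 once the file is gone */
    if (--f->f_count > 0) return 0;
    sock_release_model(f->private_data);                /* sock_close() path */
    free(f);
    return 1;
}
/* sock_ioctl() 'default' case: no check on sock->ops, as in net/socket.c;
 * the model answers -2 where the kernel would fault on a NULL ops. */
static int sock_ioctl_model(struct file *f, unsigned cmd) {
    struct socket *s = f->private_data;
    return s->ops ? s->ops->ioctl(s, cmd) : -2;
}
/* premature=0: module drops its ref with fput(), close(fd) releases the socket,
 * returns 0. premature=1: the post's direct sock_release() while the fd is still
 * mapped; the file still points at a socket with NULL ops, returns 2. */
static int run_lifecycle(int premature) {
    struct socket *s = sock_alloc_model();
    struct file *f = sock_map_fd_model(s);
    fget_model(f);                                  /* module keeps an extra ref */
    int result;
    if (premature) {
        sock_release_model(s);                      /* cleanup without fput()/close */
        result = (f->private_data == s && sock_ioctl_model(f, 1) == -2) ? 2 : -1;
        free(f);
    } else {
        fput_model(f);                              /* drop the module's ref */
        result = fput_model(f) ? 0 : -1;            /* close(fd): last ref */
    }
    free(s); return result;
}
```

In the premature case the real kernel has no -2 path: sock->file is already NULL, the file's private_data still names the released socket, and the next ioctl through that fd dereferences NULL ops.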