| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Feb 2007 17:34:12 +0300
From: Oleg Nesterov <oleg@...sign.ru>
To: David Howells <dhowells@...hat.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Jarek Poplawski <jarkao2@...pl>,
"David S. Miller" <davem@...emloft.net>,
linux-kernel@...r.kernel.org
Subject: Re: PATCH? net/bridge/br_if.c: fix use after free in port_carrier_check()
On 02/20, David Howells wrote:
>
> Oleg Nesterov <oleg@...sign.ru> wrote:
>
> > static void release_nbp(struct kobject *kobj)
> > {
> > struct net_bridge_port *p
> > = container_of(kobj, struct net_bridge_port, kobj);
> > +
> > + dev_put(p->dev);
>
> Does this need to be done with the mutex held?
I think no. At least the current code does dev_put() without mutex held.
> And does anything actually pay
> attention to the refcount on dev? I assume not...
I guess net/core/dev.c:netdev_wait_allrefs(), but not sure.
> Should you clear p->dev->br_port before calling dev_put()?
Looks like it is protected by RCU... Anyway the current code does the same.
> Looks reasonable. I like it.
>
> Acked-By: David Howells <dhowells@...hat.com>
Thanks! I'll re-send with a proper changelog later today.
Oleg.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists