Message-ID: <1316461375.2455.4.camel@edumazet-laptop>
Date:	Mon, 19 Sep 2011 21:42:54 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Maciej Żenczykowski <zenczykowski@...il.com>
Cc:	Maciej Żenczykowski <maze@...gle.com>,
	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	MuraliRaja Muniraju <muralira@...gle.com>
Subject: Re: [PATCH] net: fix lockdep issue in __neigh_event_send

On Monday 19 September 2011 at 12:12 -0700, Maciej Żenczykowski wrote:
> From: Maciej Żenczykowski <maze@...gle.com>
> 
> skb's should be freed once neigh->lock is no longer held.
> 
> Google-Bug-Id: 4561441
> Signed-off-by: Maciej Żenczykowski <maze@...gle.com>
> CC: MuraliRaja Muniraju <muralira@...gle.com>
> ---
>  net/core/neighbour.c net/core/neighbour.c |   12 ++++++------
>  1 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 4002261..53d034a 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -949,6 +949,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
>  {
>  	int rc;
>  	bool immediate_probe = false;
> +	struct sk_buff *buff_to_free = NULL;
>  
>  	write_lock_bh(&neigh->lock);
>  
> @@ -969,10 +970,10 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
>  		} else {
>  			neigh->nud_state = NUD_FAILED;
>  			neigh->updated = jiffies;
> -			write_unlock_bh(&neigh->lock);
>  
> -			kfree_skb(skb);

I don't understand, here we call kfree_skb() while no lock is held.

> -			return 1;
> +			buff_to_free = skb;
> +			rc = 1;
> +			goto out_unlock_bh;
>  		}
>  	} else if (neigh->nud_state & NUD_STALE) {
>  		NEIGH_PRINTK2("neigh %p is delayed.\n", neigh);
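
Review bot: In the NUD_FAILED branch the removed lines already call write_unlock_bh(&neigh->lock) before kfree_skb(skb), so nothing here was being freed under the lock; the conversion to buff_to_free plus goto out_unlock_bh is a consolidation of the exit path, not a fix. The changelog line "skb's should be freed once neigh->lock is no longer held" reads as if this site were affected, so it should say that this branch is converted only to share the single deferred kfree_skb() at the end of the function.
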
> @@ -986,9 +987,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
>  		if (skb) {
>  			if (skb_queue_len(&neigh->arp_queue) >=
>  			    neigh->parms->queue_len) {
> -				struct sk_buff *buff;
> -				buff = __skb_dequeue(&neigh->arp_queue);
> -				kfree_skb(buff);
> +				buff_to_free = __skb_dequeue(&neigh->arp_queue);
>  				NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
>  			}
>  			skb_dst_force(skb);
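
Review bot: The queue-overflow branch is the only site in this patch where the removed kfree_skb(buff) ran between the write_lock_bh(&neigh->lock) at the top of the function and the unlock at out_unlock_bh, so the changelog should name this site and carry the lockdep report showing which lock kfree_skb() ends up taking there. Separately, buff_to_free is a single pointer: that is enough while the length check stays an "if" that dequeues at most one skb per call, but a later change to dequeue in a loop would overwrite it and leak, which is worth a short comment at the assignment.
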
> @@ -1002,6 +1001,7 @@ out_unlock_bh:
>  	else
>  		write_unlock(&neigh->lock);
>  	local_bh_enable();
> +	kfree_skb(buff_to_free);
>  	return rc;
>  }
>  EXPORT_SYMBOL(__neigh_event_send);
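
Review bot: The kfree_skb(buff_to_free) placed after local_bh_enable() runs on every exit through out_unlock_bh, including the paths where buff_to_free is still NULL from its initializer. kfree_skb() accepts a NULL pointer, so this is correct, but a one-line comment above the call stating that the free is deliberately deferred until neigh->lock has been dropped would keep a later cleanup from moving it back inside the locked region.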

Could you give us the lockdep report, please?

Thanks!

