Date: Fri, 10 Jan 2014 11:59:43 +0100
From: Veaceslav Falico <vfalico@...hat.com>
To: netdev@...r.kernel.org
Cc: Veaceslav Falico <vfalico@...hat.com>, dingtianhong@...wei.com, Jay Vosburgh <fubar@...ibm.com>, Andy Gospodarek <andy@...yhouse.net>
Subject: [PATCH v4 net-next 1/3] bonding: fix bond_3ad_set_carrier() RCU usage

Currently, its usage is just plainly wrong. It first gets a slave under RCU, and, after releasing the RCU lock, continues to use it - whilst it can be freed.

Fix this by ensuring that bond_3ad_set_carrier() holds RCU till it uses its slave (or its agg).

Fixes: be79bd048ab ("bonding: add RCU for bond_3ad_state_machine_handler()")
CC: dingtianhong@...wei.com
CC: Jay Vosburgh <fubar@...ibm.com>
CC: Andy Gospodarek <andy@...yhouse.net>
Signed-off-by: Veaceslav Falico <vfalico@...hat.com>
---

Notes:
    v3 -> v4: Remove the useless goto out.
    v2 -> v3: Just wrap RCU for the whole usage of our slave.
    v1 -> v2: Don't use _rcu primitives as we can be called under RTNL too.
    v2 -> v3: Just wrap RCU for the whole usage of our slave.
    v1 -> v2: Don't use _rcu primitives as we can be called under RTNL too.
    v1 -> v2: Don't use _rcu primitives as we can be called under RTNL too.

 drivers/net/bonding/bond_3ad.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c index 29db1ca..da0d7c5 100644 --- a/drivers/net/bonding/bond_3ad.c +++ b/drivers/net/bonding/bond_3ad.c 
@@ -2327,32 +2327,32 @@ int bond_3ad_set_carrier(struct bonding *bond) { struct aggregator *active; struct slave *first_slave; + int ret = 1; rcu_read_lock(); first_slave = bond_first_slave_rcu(bond); - rcu_read_unlock(); - if (!first_slave) - return 0; + if (!first_slave) { + ret = 0; + goto out; + } active = __get_active_agg(&(SLAVE_AD_INFO(first_slave).aggregator)); if (active) { /* are enough slaves available to consider link up? */ if (active->num_of_ports < bond->params.min_links) { if (netif_carrier_ok(bond->dev)) { netif_carrier_off(bond->dev); - return 1; + goto out; } } else if (!netif_carrier_ok(bond->dev)) { netif_carrier_on(bond->dev); - return 1; + goto out; } - return 0; - } - - if (netif_carrier_ok(bond->dev)) { + } else if (netif_carrier_ok(bond->dev)) { netif_carrier_off(bond->dev); - return 1; } - return 0; +out: + rcu_read_unlock(); + return ret; } /** -- 1.8.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
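Review bot: the return value changes on every path that leaves the carrier state untouched. `ret` is initialised to 1 and is set to 0 only in the `!first_slave` branch, so when `active` is set but neither `netif_carrier_off()` nor `netif_carrier_on()` is called, and when there is no active aggregator and the carrier is already off, control reaches `out:` with `ret` still 1, where the removed `return 0;` lines returned 0. The commit message describes only the RCU lifetime fix, so this change in the result looks unintended. Suggest starting from `int ret = 0;` and setting `ret = 1` next to each `netif_carrier_on()`/`netif_carrier_off()` call. With that, the two `goto out;` statements inside the `if (active)` block can go as well, since nothing else runs between them and the `out:` label. Holding `rcu_read_lock()` across the `first_slave` and `active` dereferences and releasing it once at `out:` is the right shape for the fix itself.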