| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jan 2017 15:42:48 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: rshearma@...cade.com
Cc: netdev@...r.kernel.org, tom@...bertland.com,
roopa@...ulusnetworks.com, david.lebrun@...ouvain.be,
tgraf@...g.ch, dsa@...ulusnetworks.com
Subject: Re: [PATCH net v2 2/2] lwtunnel: Fix oops on state free after
encap module unload
From: Robert Shearman <rshearma@...cade.com>
Date: Sat, 21 Jan 2017 00:21:26 +0000
> @@ -115,8 +115,12 @@ int lwtunnel_build_state(struct net_device *dev, u16 encap_type,
> ret = -EOPNOTSUPP;
> rcu_read_lock();
Here 'ret' equals -EOPNOTSUPP
> ops = rcu_dereference(lwtun_encaps[encap_type]);
> - if (likely(ops && ops->build_state))
> - ret = ops->build_state(dev, encap, family, cfg, lws);
> + if (likely(ops)) {
> + if (likely(try_module_get(ops->owner) && ops->build_state))
> + ret = ops->build_state(dev, encap, family, cfg, lws);
> + if (ret)
> + module_put(ops->owner);
If try_module_get() fails, 'ret' will still be -EOPNOTSUPP and we will
module_put() on a module we did not grab a reference to.
I think you need to adjust the logic here. You only want to 'put' if
try_module_get() succeeds and ->build_state() returns an error.
Powered by blists - more mailing lists