| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Jan 2019 14:20:08 +0100
From: alexandre.besnard@...tathome.com
To: davem@...emloft.net, ktkhai@...tuozzo.com, ecree@...arflare.com,
jiri@...lanox.com, petrm@...lanox.com, alexander.h.duyck@...el.com,
amritha.nambiar@...el.com, lirongqing@...du.com
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Alexandre Besnard <alexandre.besnard@...tathome.com>
Subject: [PATCH] net: check negative value for signed refcnt
From: Alexandre Besnard <alexandre.besnard@...tathome.com>
Device remaining references counter is get as a signed integer.
When unregistering network devices, the loop waiting for this counter
to decrement tests the 0 strict equality. Thus if an error occurs and
two references are given back by a protocol, we are stuck in the loop
forever, with a -1 value.
Robustness is added by checking a negative value: the device is then
considered free of references, and a warning is issued (it should not
happen, one should check that behavior)
Signed-off-by: Alexandre Besnard <alexandre.besnard@...tathome.com>
---
net/core/dev.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/core/dev.c b/net/core/dev.c
index ddc551f..e4190ae 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -8687,6 +8687,11 @@ static void netdev_wait_allrefs(struct net_device *dev)
refcnt = netdev_refcnt_read(dev);
while (refcnt != 0) {
+ if (refcnt < 0) {
+ pr_warn("Device %s refcnt negative: device considered free, but it should not happen\n",
+ dev->name);
+ break;
+ }
if (time_after(jiffies, rebroadcast_time + 1 * HZ)) {
rtnl_lock();
--
2.7.4
Powered by blists - more mailing lists