Star64_linux/net
Eric Dumazet 7f700334be ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
a warning [1]

Issue here is that:

- all dev_put() should be paired with a corresponding dev_hold(),
  and vice versa.

- A driver doing a dev_put() in its ndo_uninit() MUST also
  do a dev_hold() in its ndo_init(), only when ndo_init()
  is returning 0.

Otherwise, register_netdevice() would call ndo_uninit()
in its error path and release a refcount too soon.

ip6_gre for example (among other problematic drivers)
has to use dev_hold() in ip6gre_tunnel_init_common()
instead of from ip6gre_newlink_common(), covering
both ip6gre_tunnel_init() and ip6gre_tap_init().

Note that ip6gre_tunnel_init_common() is not called from
ip6erspan_tap_init() thus we also need to add a dev_hold() there,
as ip6erspan_tunnel_uninit() does call dev_put().

[1]
refcount_t: decrement hit 0; leaking memory.
WARNING: CPU: 0 PID: 8422 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Modules linked in:
CPU: 1 PID: 8422 Comm: syz-executor854 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Call Trace:
 __refcount_dec include/linux/refcount.h:344 [inline]
 refcount_dec include/linux/refcount.h:359 [inline]
 dev_put include/linux/netdevice.h:4135 [inline]
 ip6gre_tunnel_uninit+0x3d7/0x440 net/ipv6/ip6_gre.c:420
 register_netdevice+0xadf/0x1500 net/core/dev.c:10308
 ip6gre_newlink_common.constprop.0+0x158/0x410 net/ipv6/ip6_gre.c:1984
 ip6gre_newlink+0x275/0x7a0 net/ipv6/ip6_gre.c:2017
 __rtnl_newlink+0x1062/0x1710 net/core/rtnetlink.c:3443
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46

Fixes: 919067cc84 ("net: add CONFIG_PCPU_DEV_REFCNT")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-29 16:31:51 -07:00
6lowpan 6lowpan: Fix some typos in nhc_udp.c 2021-03-24 17:52:11 -07:00
9p net: 9p: Correct function names in the kerneldoc comments 2021-03-28 17:56:56 -07:00
802
8021q net: bridge: resolve forwarding path for VLAN tag actions in bridge devices 2021-03-24 12:48:38 -07:00
appletalk
atm
ax25
batman-adv mld: convert ifmcaddr6 to RCU 2021-03-26 15:14:56 -07:00
bluetooth
bpf
bpfilter
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
caif
can can: isotp: tx-path: zero initialize outgoing CAN frames 2021-03-20 20:21:35 +01:00
ceph net: ceph: Fix a typo in osdmap.c 2021-03-25 17:05:07 -07:00
core net: core: Correct function name netevent_unregister_notifier() in the kerneldoc 2021-03-28 17:56:56 -07:00
dcb
dccp ipv6: weaken the v4mapped source check 2021-03-18 11:19:23 -07:00
decnet net: decnet: Fix a typo in dn_nsp_in.c 2021-03-25 17:05:07 -07:00
dns_resolver
dsa net: dsa: Fix a typo in tag_rtl4_a.c 2021-03-25 17:05:08 -07:00
ethernet ethernet: avoid retpoline overhead on TEB (GENEVE, NvGRE, VxLAN) GRO 2021-03-18 19:51:12 -07:00
ethtool ethtool: fec: fix FEC_NONE check 2021-03-26 15:09:45 -07:00
hsr /net/hsr: fix misspellings using codespell tool 2021-03-18 19:13:41 -07:00
ieee802154
ife
ipv4 nexthop: Rename artifacts related to legacy multipath nexthop groups 2021-03-28 17:53:39 -07:00
ipv6 ip6_gre: proper dev_{hold|put} in ndo_[un]init methods 2021-03-29 16:31:51 -07:00
iucv iucv: af_iucv.c: Couple of typo fixes 2021-03-28 17:31:13 -07:00
kcm kcm: kcmsock.c: Couple of typo fixes 2021-03-28 17:31:13 -07:00
key
l2tp net: l2tp: Fix a typo 2021-03-22 13:17:49 -07:00
l3mdev l3mdev: Correct function names in the kerneldoc comments 2021-03-28 17:56:55 -07:00
lapb net: lapb: Make "lapb_t1timer_running" able to detect an already running timer 2021-03-23 14:14:50 -07:00
llc llc: llc_core.c: COuple of typo fixes 2021-03-28 17:31:13 -07:00
mac80211 mac80211: cfg.c: A typo fix 2021-03-28 17:31:13 -07:00
mac802154
mpls
mptcp mptcp: subflow.c: Fix a typo 2021-03-28 17:31:13 -07:00
ncsi ncsi: internal.h: Fix a spello 2021-03-28 17:31:13 -07:00
netfilter netfilter: nf_conntrack_acct.c: A typo fix 2021-03-28 17:31:14 -07:00
netlabel netlabel: Correct function name netlbl_mgmt_add() in the kerneldoc comments 2021-03-28 17:56:55 -07:00
netlink
netrom
nfc NFC: digital: Correct function name in the kerneldoc comments 2021-03-28 17:56:56 -07:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
packet net/packet: Fix a typo in af_packet.c 2021-03-24 17:52:11 -07:00
phonet
psample
qrtr
rds net: rds: Fix a typo 2021-03-28 17:52:50 -07:00
rfkill
rose
rxrpc
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
sctp net: sctp: Fix some typos 2021-03-28 17:52:50 -07:00
smc
strparser
sunrpc
switchdev
tipc tipc: fix htmldoc and smatch warnings 2021-03-29 16:28:50 -07:00
tls net/tls: Fix a typo in tls_device.c 2021-03-24 17:52:11 -07:00
unix
vmw_vsock net: vsock: Fix a typo 2021-03-28 17:52:51 -07:00
wireless reg.c: Fix a spello 2021-03-28 17:31:14 -07:00
x25 af_x25.c: Fix a spello 2021-03-28 17:31:13 -07:00
xdp
xfrm xfrm_user.c: Added a punctuation 2021-03-28 17:31:14 -07:00
compat.c
devres.c
Kconfig net: add CONFIG_PCPU_DEV_REFCNT 2021-03-19 13:38:46 -07:00
Makefile
socket.c net: Fix a misspell in socket.c 2021-03-25 16:56:27 -07:00
sysctl_net.c