Re: [PATCH 5.10 09/38] llc: fix netdevice reference leaks in llc_ui_bind()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

> From: Eric Dumazet <edumazet@xxxxxxxxxx>
> 
> commit 764f4eb6846f5475f1244767d24d25dd86528a4a upstream.
> 
> Whenever llc_ui_bind() and/or llc_ui_autobind()
> took a reference on a netdevice but subsequently fail,
> they must properly release their reference
> or risk the infamous message from unregister_netdevice()
> at device dismantle.
> 
> unregister_netdevice: waiting for eth0 to become free. Usage count =
> 3

Can someone check this? AFAICT this is buggy.

static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
{
        struct sock *sk = sock->sk;
        struct llc_sock *llc = llc_sk(sk);
        struct llc_sap *sap;
        int rc = -EINVAL;

        if (!sock_flag(sk, SOCK_ZAPPED))
                goto out;

There are 'goto out's from both before dev_get() and after it,
dev_put() will be called with NULL pointer. dev_put() can't handle
NULL at least in the old kernels... this is simply confused.

Mainline has dev_put_track() there, but I see same confusion.

Best regards,
								Pavel


> --- a/net/llc/af_llc.c
> +++ b/net/llc/af_llc.c
> @@ -311,6 +311,10 @@ static int llc_ui_autobind(struct socket
>  	sock_reset_flag(sk, SOCK_ZAPPED);
>  	rc = 0;
>  out:
> +	if (rc) {
> +		dev_put(llc->dev);
> +		llc->dev = NULL;
> +	}
>  	return rc;
>  }
>  
> @@ -409,6 +413,10 @@ static int llc_ui_bind(struct socket *so
>  out_put:
>  	llc_sap_put(sap);
>  out:
> +	if (rc) {
> +		dev_put(llc->dev);
> +		llc->dev = NULL;
> +	}
>  	release_sock(sk);
>  	return rc;
>  }
> 

-- 
 'DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk'
 'HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany'

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux