2007-06-08 07:41:22

by Chris Wright

[permalink] [raw]
Subject: [patch 46/54] NET: Fix race condition about network device name allocation.

-stable review patch. If anyone has any objections, please let us know.
---------------------

From: Stephen Hemminger <[email protected]>

Kenji Kaneshige found this race between device removal and
registration. On unregister it is possible for the old device to
exist, because sysfs file is still open. A new device with 'eth%d'
will select the same name, but sysfs kobject register will fial.

The following changes the shutdown order slightly. It hold a removes
the sysfs entries earlier (on unregister_netdevice), but holds a
kobject reference. Then when todo runs the actual last put free
happens.

Signed-off-by: Stephen Hemminger <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
net/core/dev.c | 10 ++++++----
net/core/net-sysfs.c | 8 +++++++-
2 files changed, 13 insertions(+), 5 deletions(-)

--- linux-2.6.21.4.orig/net/core/dev.c
+++ linux-2.6.21.4/net/core/dev.c
@@ -3135,7 +3135,6 @@ void netdev_run_todo(void)
continue;
}

- netdev_unregister_sysfs(dev);
dev->reg_state = NETREG_UNREGISTERED;

netdev_wait_allrefs(dev);
@@ -3146,11 +3145,11 @@ void netdev_run_todo(void)
BUG_TRAP(!dev->ip6_ptr);
BUG_TRAP(!dev->dn_ptr);

- /* It must be the very last action,
- * after this 'dev' may point to freed up memory.
- */
if (dev->destructor)
dev->destructor(dev);
+
+ /* Free network device */
+ kobject_put(&dev->dev.kobj);
}

out:
@@ -3305,6 +3304,9 @@ void unregister_netdevice(struct net_dev
/* Notifier chain MUST detach us from master device. */
BUG_TRAP(!dev->master);

+ /* Remove entries from sysfs */
+ netdev_unregister_sysfs(dev);
+
/* Finish processing unregister after unlock */
net_set_todo(dev);

--- linux-2.6.21.4.orig/net/core/net-sysfs.c
+++ linux-2.6.21.4/net/core/net-sysfs.c
@@ -451,9 +451,15 @@ static struct class net_class = {
#endif
};

+/* Delete sysfs entries but hold kobject reference until after all
+ * netdev references are gone.
+ */
void netdev_unregister_sysfs(struct net_device * net)
{
- device_del(&(net->dev));
+ struct device *dev = &(net->dev);
+
+ kobject_get(&dev->kobj);
+ device_del(dev);
}

/* Create sysfs entries for network device. */

--