Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4079626imu; Sat, 24 Nov 2018 18:05:03 -0800 (PST) X-Google-Smtp-Source: AFSGD/V0jsnOXXHo5s3GbbeuYF8Twk7hsHiuLrE6tBCZ+cxby5K//73j5o9jvD1PPQanHRs3aaU9 X-Received: by 2002:a17:902:a70b:: with SMTP id w11mr21669690plq.84.1543111503012; Sat, 24 Nov 2018 18:05:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543111502; cv=none; d=google.com; s=arc-20160816; b=cvWqoKWDvBgLT1ybMReekJKaSFS13u4yVUfdFYMlgqDwluWO6r/VDm/d2FI1h/Auqh UtSKGPqD8reLzOwIuwRJN0uGIxW0mBM22uM3dP6I/bfqWmATgP4Ya/O5rVSAtS3g/hk3 dcjovAatX0jz+b9Jypg3u7suhgvIOxuxTY3aCyVIxuM3ls3/0af7AmTInq7h9W/oC1Wu 17/muNEiLLVcabXpgYFPzVRBVjoyfFSTmKf1DJ3KIajQzeH60UNhMPauEtuzL94+00qE dTABYureXU/NdhvCJFDlZvpqCiaAKHTOfQR/Rsg++aS1530BDPtpJNTA5Hn5iXKNe61V BxnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=vtKwkEEEViGS0FqekEGIZ0/KVyTql+cJYDCUivrXynI=; b=jYX+AcacPtMcpAzpbgepW/BqBY+oY65EGV/zGrAabT3zHgzc/YpDPBnM2QQiJEfEeT Os5XUrikcjAdpoUcN6zOOYEnpkKnBy6NxMmg//7s/8jjPSNUiqzxwiamv+zdFB7GllKT /HikGnkz0xVPD/iLJ7QYTXaGPH8tdUIMLdU8GeVEEsu5E1rOntMydOBdVIQX6YBb3ku/ NAm+O39yi07Ml4/UWbWqCaUHU7zpeW5krNPVsT0LGlBZIKw/UwlukoGZnahfd46m8pGc 6oiKyhD60z9cJ9tV47uagd97hcN4fpFjRdFmOs2iCZXbaqIyUZxL4dW4l1Id0qv/Oh/3 gmHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y20si25360360pgi.50.2018.11.24.18.04.43; Sat, 24 Nov 2018 18:05:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727128AbeKYMx5 (ORCPT + 99 others); Sun, 25 Nov 2018 07:53:57 -0500 Received: from shards.monkeyblade.net ([23.128.96.9]:60022 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726722AbeKYMx5 (ORCPT ); Sun, 25 Nov 2018 07:53:57 -0500 Received: from localhost (unknown [IPv6:2601:601:9f80:35cd::bf5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id DD6A214EA793F; Sat, 24 Nov 2018 18:04:02 -0800 (PST) Date: Sat, 24 Nov 2018 18:04:02 -0800 (PST) Message-Id: <20181124.180402.645583819668180736.davem@davemloft.net> To: nikolay@cumulusnetworks.com Cc: colin.king@canonical.com, roopa@cumulusnetworks.com, bridge@lists.linux-foundation.org, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] net: bridge: check for a null p->dev before dereferencing it From: David Miller In-Reply-To: <85963d6a-3411-9461-67aa-42e1fd02e663@cumulusnetworks.com> References: <20181124121551.6942-1-colin.king@canonical.com> <85963d6a-3411-9461-67aa-42e1fd02e663@cumulusnetworks.com> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Sat, 24 Nov 2018 18:04:03 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nikolay Aleksandrov Date: Sat, 24 Nov 2018 14:21:07 +0200 > I was contacted recently about this privately and this was my reply: > "Checking new_nbp() and del_nbp() it should not be possible to reach that code > with p->dev or p->br as NULL. The cap check code has always been there, I just > shuffled the rest of the function to obtain rtnl lock and kept it as close to > the original as possible, thus the checks remained. > In order to avoid future reports like this I'll send a cleanup once net-next > opens up. > > My reasoning of why it shouldn't be possible: > - On port add new_nbp() sets both p->dev and p->br before creating kobj/sysfs > > - On port del (trickier) del_nbp() calls kobject_del() before call_rcu() to destroy > the port which in turn calls sysfs_remove_dir() which uses kernfs_remove() which > deactivates (shouldn't be able to open new files) and calls kernfs_drain() to drain > current open/mmaped files in the respective dir before continuing, thus making it > impossible to open a bridge port sysfs file with p->dev and p->br equal to NULL. > " > > So I think it's safe to remove those checks altogether. It'd be nice to get a second > look over my reasoning as I might be missing something in sysfs/kernfs call path. I did a once over your analysis and I agree, the checks should be safe to remove.