Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp6559746ybx; Mon, 11 Nov 2019 10:57:55 -0800 (PST) X-Google-Smtp-Source: APXvYqx3NM0kCUEd03snMhUs/DeUt7FsLrLwkWrH/M8UaByrQa2lp96c18jYf0Dv24kfg7QUPEF7 X-Received: by 2002:a50:b558:: with SMTP id z24mr28348776edd.67.1573498675654; Mon, 11 Nov 2019 10:57:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573498675; cv=none; d=google.com; s=arc-20160816; b=hc7jMO1d/QFN8Khziezm94Mc4Y3YiOtkVZXDK0ACFzmeM+hpg32SGi+bT5DLsbEzcE 3l5N+ZALF4t7dmYsOj6jvl/jHVKpM8gUIfCyF/9as1pfef415VP5+iTm3Ah2cPv2Mn32 P95NyIgr1PzdgBMQfzX04rLqXsO8JHX/ku50uuD2v8SlcC87zTwZ33yTqPzjLDLDGYqf 1QwzHo2hGayalb7PXBwPiBEYvffzGf+A2dvaDVW+7AR4WBMEN5JPZfNYINM4ywg5VtN4 eTOTFoKtDk7kzXTzsuaTfBsrWEa+bNKMm7EA/z4meF1A8wSyE35poniQyJ3jZcoyZBRe Jqcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=3VHGPCLLw5g9sZrgcOnsHcpGgN6FanB7ce1dFUf9VbU=; b=svgLri/BPL+lwqoXqF9S3EDOsZO508Cy56C5pTbkcntSXy+XYk2ExEZXEVCqpNDSmt q8EGb17HCSotMVv2O9Z0NtJzzVSnZpHJ+rpaoozRn4rUsE6Vyb2FWqiVy/kiW1rDNXT9 hewQWmSPiC5cfIb4kUm3KzX20ksLLGb9b+Jm0RyN36K5+cGv+G6yYvGV3pXfUHRc+Ypc X9lEm2hZXsslmdGjoqOVfCHz2bJ4JUbHX9t5Ky8jUPsKkuBnvE6OM74vl1TiX0uARaTK kWFj9EG4uWKIAYejOsrZw1oKzveQafx1uaTVIm6WmBEldDN2dsANAak8dguwETjZKYny E3xw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="jvqqH/e3"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j8si5883490ejv.343.2019.11.11.10.57.31; Mon, 11 Nov 2019 10:57:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="jvqqH/e3"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728461AbfKKSy4 (ORCPT + 99 others); Mon, 11 Nov 2019 13:54:56 -0500 Received: from mail.kernel.org ([198.145.29.99]:51218 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730590AbfKKSyv (ORCPT ); Mon, 11 Nov 2019 13:54:51 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E8AD6204EC; Mon, 11 Nov 2019 18:54:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573498490; bh=O41LwHklMQi00bcu3oEIE90jeboup3lfQjnvEm+zojQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jvqqH/e3sTcuVfPDw97RTMDFVFHTV3ReFmljIWw7BclTxQg6dXuYU1P4HV273Yidj RpwuEx0SlaFIzvWl2vgYCEHxYr3aO5+8oXram8CFOzDMiGrXhc7V2Fve+6qSszpioo Jz8Sxvdg+avTSN6ITnh+JJBzfJzGoGmvdJkhrsHA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Taehee Yoo , "David S. Miller" , Sasha Levin Subject: [PATCH 5.3 134/193] macsec: fix refcnt leak in module exit routine Date: Mon, 11 Nov 2019 19:28:36 +0100 Message-Id: <20191111181511.052784136@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191111181459.850623879@linuxfoundation.org> References: <20191111181459.850623879@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Taehee Yoo [ Upstream commit 2bce1ebed17da54c65042ec2b962e3234bad5b47 ] When a macsec interface is created, it increases a refcnt to a lower device(real device). when macsec interface is deleted, the refcnt is decreased in macsec_free_netdev(), which is ->priv_destructor() of macsec interface. The problem scenario is this. When nested macsec interfaces are exiting, the exit routine of the macsec module makes refcnt leaks. Test commands: ip link add dummy0 type dummy ip link add macsec0 link dummy0 type macsec ip link add macsec1 link macsec0 type macsec modprobe -rv macsec [ 208.629433] unregister_netdevice: waiting for macsec0 to become free. Usage count = 1 Steps of exit routine of macsec module are below. 1. Calls ->dellink() in __rtnl_link_unregister(). 2. Checks refcnt and wait refcnt to be 0 if refcnt is not 0 in netdev_run_todo(). 3. Calls ->priv_destruvtor() in netdev_run_todo(). Step2 checks refcnt, but step3 decreases refcnt. So, step2 waits forever. This patch makes the macsec module do not hold a refcnt of the lower device because it already holds a refcnt of the lower device with netdev_upper_dev_link(). Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/macsec.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index cb7637364b40d..1bd113b142ea7 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3001,12 +3001,10 @@ static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { static void macsec_free_netdev(struct net_device *dev) { struct macsec_dev *macsec = macsec_priv(dev); - struct net_device *real_dev = macsec->real_dev; free_percpu(macsec->stats); free_percpu(macsec->secy.tx_sc.stats); - dev_put(real_dev); } static void macsec_setup(struct net_device *dev) @@ -3261,8 +3259,6 @@ static int macsec_newlink(struct net *net, struct net_device *dev, if (err < 0) return err; - dev_hold(real_dev); - macsec->nest_level = dev_get_nest_level(real_dev) + 1; netdev_lockdep_set_classes(dev); lockdep_set_class_and_subclass(&dev->addr_list_lock, -- 2.20.1