Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp6567903ybx; Mon, 11 Nov 2019 11:05:22 -0800 (PST) X-Google-Smtp-Source: APXvYqwBTRkpJFzEW+fpen/QPV+W7hhR2WlGGDXZ55Fx94dlOAqvwZ/uGfOGpA5/fAp0ttket3QL X-Received: by 2002:a17:906:f191:: with SMTP id gs17mr22180440ejb.207.1573499122409; Mon, 11 Nov 2019 11:05:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573499122; cv=none; d=google.com; s=arc-20160816; b=i76xuNru6QrlNG+38Nk49W8R63mGUszZZOoalCix668vzZWjP1DVnLfBWbtxzxA8Sx kWa/22RKS611M3QW8r6aEemfAR03JtkQ01aayJJV+FlOLsApDaIY9cQQGY3t1zxHGfr0 y+cLgyQH80GgUc7Ovm5PfjQzhJcCSDLiwsA2wCyNArv52fbg4SDlgUCT0AgdGGCyr7wC Bpn4iToiUjG486MnJaRkC2TFB1Nl5RM0Ff/rJOnGajMy/e0iuYY33nMMEkcpsmLPLKuw EMGU4slHL1hGASNV6v0L836dtAbaDREZyDOhQquLOn1qwUrDtpnvafOARP7Xn8UJJqpq ydZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=DEm1Qar6vEAE+TNBzAkSaROm0z7ctq1NBh/FEuUQFWo=; b=pzxeIQ75RenjAAt0DInSQca27EO9oKRcSZMJbAQs9ybKpNXjUR6hsH6EV89VPCZpWv sWgCLo0WAqbqPM4Cey/kb9byY/L6dtEQ2+nGiqtjnx93WVbkSQeLawaKuCpGi4fd7BFw D9/xMaAA7aEe5NbANaKcL8sd4vd8MajkmT9+5hNU4LCFIrip1m2lbhTQria7gNOD1JSK o+0oMYckD9wxl23335lYfIvZuIO6P+Bc3LvrloOYmMxoVgcEVOyRfdcKNaZUjb9bFH2s XysEg/p9vH0CSb/w2ShhZhDvB9CCawwFTG4Ry0LCRaRtUksIPE6c44YrHQHHNPlsNU5u BAig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=nppqzqb6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t18si10151770eji.130.2019.11.11.11.04.54; Mon, 11 Nov 2019 11:05:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=nppqzqb6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729768AbfKKSou (ORCPT + 99 others); Mon, 11 Nov 2019 13:44:50 -0500 Received: from mail.kernel.org ([198.145.29.99]:36598 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728627AbfKKSot (ORCPT ); Mon, 11 Nov 2019 13:44:49 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0AADF20674; Mon, 11 Nov 2019 18:44:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573497888; bh=XXU3KuVpPqvwxj/p7e1akCU0d/Vt4OZCokodGA0grYY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nppqzqb67HjYHrVchW+x3dCyjXMfhFkhhtzfy/PLRSMXw1rOH+mQN5Jb9Kbo3st+f uA1GkB0HFIIubMZKwy0hANPuzhX5n307LAVc7SL3N7d0W77ubo2tOvGQGvOipAUY93 pxQGhOFFJ5x55V1729uMObSTTGB+No3i0ii9VwDI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Taehee Yoo , "David S. Miller" , Sasha Levin Subject: [PATCH 4.19 088/125] macsec: fix refcnt leak in module exit routine Date: Mon, 11 Nov 2019 19:28:47 +0100 Message-Id: <20191111181451.823737572@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191111181438.945353076@linuxfoundation.org> References: <20191111181438.945353076@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Taehee Yoo [ Upstream commit 2bce1ebed17da54c65042ec2b962e3234bad5b47 ] When a macsec interface is created, it increases a refcnt to a lower device(real device). when macsec interface is deleted, the refcnt is decreased in macsec_free_netdev(), which is ->priv_destructor() of macsec interface. The problem scenario is this. When nested macsec interfaces are exiting, the exit routine of the macsec module makes refcnt leaks. Test commands: ip link add dummy0 type dummy ip link add macsec0 link dummy0 type macsec ip link add macsec1 link macsec0 type macsec modprobe -rv macsec [ 208.629433] unregister_netdevice: waiting for macsec0 to become free. Usage count = 1 Steps of exit routine of macsec module are below. 1. Calls ->dellink() in __rtnl_link_unregister(). 2. Checks refcnt and wait refcnt to be 0 if refcnt is not 0 in netdev_run_todo(). 3. Calls ->priv_destruvtor() in netdev_run_todo(). Step2 checks refcnt, but step3 decreases refcnt. So, step2 waits forever. This patch makes the macsec module do not hold a refcnt of the lower device because it already holds a refcnt of the lower device with netdev_upper_dev_link(). Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/macsec.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0dc92d2faa64d..05115fb0c97a9 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -3008,12 +3008,10 @@ static const struct nla_policy macsec_rtnl_policy[IFLA_MACSEC_MAX + 1] = { static void macsec_free_netdev(struct net_device *dev) { struct macsec_dev *macsec = macsec_priv(dev); - struct net_device *real_dev = macsec->real_dev; free_percpu(macsec->stats); free_percpu(macsec->secy.tx_sc.stats); - dev_put(real_dev); } static void macsec_setup(struct net_device *dev) @@ -3268,8 +3266,6 @@ static int macsec_newlink(struct net *net, struct net_device *dev, if (err < 0) return err; - dev_hold(real_dev); - macsec->nest_level = dev_get_nest_level(real_dev) + 1; netdev_lockdep_set_classes(dev); lockdep_set_class_and_subclass(&dev->addr_list_lock, -- 2.20.1