Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D9FBC433EF for ; Wed, 8 Dec 2021 23:58:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241260AbhLIACP (ORCPT ); Wed, 8 Dec 2021 19:02:15 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:57308 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238024AbhLIACO (ORCPT ); Wed, 8 Dec 2021 19:02:14 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3965CB82311; Wed, 8 Dec 2021 23:58:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C49A0C00446; Wed, 8 Dec 2021 23:58:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1639007920; bh=7nRwmELBED/pXoZE1UZHjca3QuaLjFUC/7GMuoTjSQ8=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=o/+Eh5pHo3NSQt+A8ZV6JbESSWfAA6Gny9fmDWO67nTeMRZtzVePLhp5JHIGtDSAg 1myCJhfnjBA7Lxgz7UHWfznqH/2DAJTxX/9fVR64jttXIqR3ULxh3Kqgp1rGCESphk TaPQJEXyT5upXi3oNZ7aoaVBCPFEmA37HKlu+8v3rNuDvgWP39Dhjb83tB2dRjRoH2 NbJFMKK6mCb2VoYXN5SGRZNByIAcrjqM8TkmOL04uy0AB4rX/d/jEpD2Ep2jJDxgL0 X5FDgZ0+3sRF9OwhmPX07Y5McpdP2kspyOM48ykqq3dMJjGId+Z2R3Z877zo5stu+E LkhraO8yuSK1w== Date: Wed, 8 Dec 2021 15:58:38 -0800 From: Jakub Kicinski To: George Kennedy Cc: Stephen Hemminger , Greg KH , davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] tun: avoid double free in tun_free_netdev Message-ID: <20211208155838.24556030@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> In-Reply-To: References: <1638974605-24085-1-git-send-email-george.kennedy@oracle.com> <022193b1-4ddd-f04e-aafa-ce249ec6d120@oracle.com> <20211208083614.61f386ad@hermes.local> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 8 Dec 2021 11:44:02 -0500 George Kennedy wrote: > > It looks like a lot of the problem is duplicate unwind. > > Why does err_free_flow, err_free_stat etc unwinds need to exist if > > the free_netdev is going to do same thing. > > Maybe instead do not call security_tun_dev_free_security(tun->security) > in err_free_flow if it's going to be done anyway in tun_free_netdev(). That won't be good either. register_netdevice() has multiple failure modes, it may or may not call the destructor depending on where it fails. Either the stuff that destructor undoes needs to be moved to ndo_init (which is what destructor always pairs with), or you can check dev->reg_state. If dev->reg_state is NETREG_UNREGISTERING that means the destructor will be caller later. The ndo_init way is preferable, just cut and past the appropriate lines preceding registration into a ndo_init callback.