Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp756324pxp;
        Fri, 11 Mar 2022 14:17:50 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwAqrUzT7gKvBBH1McakDKjC6QIq9joQ2RkYzoCMLUZajmsj3Q2JvXJT7b5fzXOPG6yDBc0
X-Received: by 2002:a17:902:6b4a:b0:14d:474f:4904 with SMTP id g10-20020a1709026b4a00b0014d474f4904mr12702339plt.122.1647037070433;
        Fri, 11 Mar 2022 14:17:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1647037070; cv=none;
        d=google.com; s=arc-20160816;
        b=Vq/CuMqMcZ0Qe4ZWjATbRfHMWej7GD+A2M8Sw88Gj10pB1uV3xlay/xULKIKoDKzIP
         uLwzxERdAuOy5ITIkdiW03/Hw7VlvSL9Ee2wOWD9UVSyHrk6DiTwnNbqck+SYHCtTxNt
         KxY0KTN4wQIQPJTwd19wKOi56SIdw1OYwNMgvLIMVfH/jdrOKkhTYnrA811bjWtACLjI
         E36EpYsTw1nGhLe4XXzF28sNT4ZH4/aweHS2f1Zs4SJm5mCYdnuPfhKf8NFlrLtMH13a
         6pKXS7RCIbTSOk+WdS9zc5IDDfaseg1TSx9/rK53UvgYjvu6zKTxzd9hNaUibIK2WurE
         aZNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=xnHeqFtcS5KA3UaAaaD2x6YEFUCThA8JDIpJ2fvdXXQ=;
        b=Z6K+KoW7FDnR4gbn5TmxiK2me1O/JI7iEARbR+SjW49hURp+5EZq3jVy5ZNwIzQR/Q
         ZVNEoRqcp6Fn+j10LGJbR9YkBFjlzrNFzppuWRPI5ilGlG8vIfXCdGo9qm45Eu7fAboS
         cFokedjiH24rBf3BLnKDUMYfiu55DK50zqjGKmSuPL5Vs2t4gDyg535i+JFNTD6U1soX
         12iOuH0IewbE8ILxxK0hmTtRRFX02etYQPap1qX/jzGp4GDjrzujLXt6xTDT2ffRO7MP
         HU7AZO4m66uEPXx+MhD+r8PG0LVAbb2oh8y9GVg3a6ey+65oruBM3ofZG1J2CGpQIcwd
         MjLg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id u62-20020a638541000000b0038037be6b2asi8773251pgd.544.2022.03.11.14.17.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 11 Mar 2022 14:17:50 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 3EBAE234052;
	Fri, 11 Mar 2022 13:27:20 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236684AbiCKIqD (ORCPT <rfc822;shakeebbk@gmail.com> + 99 others);
        Fri, 11 Mar 2022 03:46:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51054 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232395AbiCKIqB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Mar 2022 03:46:01 -0500
Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 78592184634;
        Fri, 11 Mar 2022 00:44:58 -0800 (PST)
Received: from canpemm500006.china.huawei.com (unknown [172.30.72.55])
        by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4KFKBF1zN9z1GCM9;
        Fri, 11 Mar 2022 16:40:05 +0800 (CST)
Received: from localhost.localdomain (10.175.104.82) by
 canpemm500006.china.huawei.com (7.192.105.130) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.21; Fri, 11 Mar 2022 16:44:56 +0800
From:   Ziyang Xuan <william.xuanziyang@huawei.com>
To:     <davem@davemloft.net>, <kuba@kernel.org>, <netdev@vger.kernel.org>
CC:     <linux-kernel@vger.kernel.org>
Subject: [PATCH net-next 0/2] net: macvlan: fix potential UAF problem for lowerdev
Date:   Fri, 11 Mar 2022 17:02:41 +0800
Message-ID: <cover.1646989143.git.william.xuanziyang@huawei.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.175.104.82]
X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To
 canpemm500006.china.huawei.com (7.192.105.130)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Add the reference operation to lowerdev of macvlan to avoid
the potential UAF problem under the following known scenario:

Someone module puts the NETDEV_UNREGISTER event handler to a
work, and lowerdev is accessed in the work handler. But when
the work is excuted, lowerdev has been destroyed because upper
macvlan did not get reference to lowerdev correctly.

In addition, add net device refcount tracker to macvlan.

Ziyang Xuan (2):
  net: macvlan: fix potential UAF problem for lowerdev
  net: macvlan: add net device refcount tracker

 drivers/net/macvlan.c      | 14 +++++++++++++-
 include/linux/if_macvlan.h |  1 +
 2 files changed, 14 insertions(+), 1 deletion(-)

-- 
2.25.1