Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp4282283pxb; Sun, 27 Mar 2022 15:51:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwHkgS7i2d9U2obTFCudEdzCHb4JqqMRBK62QkxVzlIoHNQux+mPevLzndfuWbw1LIETxY7 X-Received: by 2002:a17:906:37cd:b0:6e0:bdb6:f309 with SMTP id o13-20020a17090637cd00b006e0bdb6f309mr12985127ejc.394.1648421486906; Sun, 27 Mar 2022 15:51:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648421486; cv=none; d=google.com; s=arc-20160816; b=SrZ+xU0bMNf5aRlFJsX6MS8n03kCLOTQByONqASR7tRekmEIF3AIsSPL8bj1WVpyu/ 0XLyhyIPHJEIxvN6SQ70c1yx9FYwSxIhZr8pO4KpcTnBGZsEcdp5Y1qsJx0Vr1d94687 yAjoP/+D+Vz7Wwkdvh+OiI2xQsB5QhVucVieWwINTAYuqLDtFDTIsuW3ONNyN6h5wGGl XxS84BROIlz9+jedYv/dx0/gBTMc9JYqCV9Y2r9pOUOFZTD09dy4vf8WfkJUKDRBRVpz hmNsvDrDrzqbOGDkmcDshMG2bgNgg8Q5h6D0UTa5ABRO2hJcVJ93GQpUqdtqZ+ZgTcfx uaOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=p4xSvFMJ5eIW/u9R2ZSvmqtY8mtg/GR8ZaGgBnRx+Dk=; b=EC3QA0K1aO0NU3vR0R/0XfVqoXtfMKm3/gu7PBWVR6bzu8QNyrYFR5aFbmTVpov2PU 4M/RuAzHwpS8mVMdXfPUkp8eDgvC5pgCBEW3KfcfbCIcJsqyHvHlhicVDueR6eNgrjl9 kd6D6E9XAVLJNUjrBZrjw1E+ptoB9O6kYvZo3koZlgHh52J5Bbd/ujZ+ocNZT9vnjbV/ 7UWXnr9ITuX72IJ1XB/qjCz32tJv74Dpd/UhRvP9Q05D9HhcSXlg7m9QcfHPBRs8bVKu yV9AOQE4hN0lONw4jy4Ok8o2RLnKF1NyYyl6NevBDv0pJ1HsLAaW5HPUnJzdBcpFIIYM XIHw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gv5-20020a170906f10500b006df76385d29si11207960ejb.457.2022.03.27.15.51.00; Sun, 27 Mar 2022 15:51:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234878AbiCZULG (ORCPT + 99 others); Sat, 26 Mar 2022 16:11:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44484 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233938AbiCZULD (ORCPT ); Sat, 26 Mar 2022 16:11:03 -0400 Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [46.255.230.98]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BBE872F025; Sat, 26 Mar 2022 13:09:25 -0700 (PDT) Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 3695B1C0BB0; Sat, 26 Mar 2022 21:09:23 +0100 (CET) Date: Sat, 26 Mar 2022 21:09:22 +0100 From: Pavel Machek To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Eric Dumazet , =?utf-8?B?6LW15a2Q6L2p?= , Stoyan Manolov , Jakub Kicinski Subject: Re: [PATCH 5.10 09/38] llc: fix netdevice reference leaks in llc_ui_bind() Message-ID: <20220326200922.GA9262@duo.ucw.cz> References: <20220325150419.757836392@linuxfoundation.org> <20220325150420.029041400@linuxfoundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3V7upXqbjpZ4EhLz" Content-Disposition: inline In-Reply-To: <20220325150420.029041400@linuxfoundation.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > From: Eric Dumazet >=20 > commit 764f4eb6846f5475f1244767d24d25dd86528a4a upstream. >=20 > Whenever llc_ui_bind() and/or llc_ui_autobind() > took a reference on a netdevice but subsequently fail, > they must properly release their reference > or risk the infamous message from unregister_netdevice() > at device dismantle. >=20 > unregister_netdevice: waiting for eth0 to become free. Usage count =3D > 3 Can someone check this? AFAICT this is buggy. static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) { struct sock *sk =3D sock->sk; struct llc_sock *llc =3D llc_sk(sk); struct llc_sap *sap; int rc =3D -EINVAL; if (!sock_flag(sk, SOCK_ZAPPED)) goto out; There are 'goto out's from both before dev_get() and after it, dev_put() will be called with NULL pointer. dev_put() can't handle NULL at least in the old kernels... this is simply confused. Mainline has dev_put_track() there, but I see same confusion. Best regards, Pavel > --- a/net/llc/af_llc.c > +++ b/net/llc/af_llc.c > @@ -311,6 +311,10 @@ static int llc_ui_autobind(struct socket > sock_reset_flag(sk, SOCK_ZAPPED); > rc =3D 0; > out: > + if (rc) { > + dev_put(llc->dev); > + llc->dev =3D NULL; > + } > return rc; > } > =20 > @@ -409,6 +413,10 @@ static int llc_ui_bind(struct socket *so > out_put: > llc_sap_put(sap); > out: > + if (rc) { > + dev_put(llc->dev); > + llc->dev =3D NULL; > + } > release_sock(sk); > return rc; > } >=20 --=20 'DENX Software Engineering GmbH, Managing Director: Wolfgang Denk' 'HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany' --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRPfPO7r0eAhk010v0w5/Bqldv68gUCYj9y8gAKCRAw5/Bqldv6 8h/cAJ4vX1+h9QW7Q/pvas30WjEzLdg8MwCfZF1E35R7f/ffM8EqeyceUOPfknQ= =lPmf -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz--