Patchwork [3.5.y.z,extended,stable] Patch "bonding: fix race condition in bonding_store_slaves_active" has been added to staging queue

login
register
mail settings
Submitter Herton Ronaldo Krzesinski
Date Jan. 9, 2013, 4:55 p.m.
Message ID <1357750538-25151-1-git-send-email-herton.krzesinski@canonical.com>
Download mbox | patch
Permalink /patch/210770/
State New
Headers show

Comments

Herton Ronaldo Krzesinski - Jan. 9, 2013, 4:55 p.m.
This is a note to let you know that I have just added a patch titled

    bonding: fix race condition in bonding_store_slaves_active

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Herton

------

From 8bbcd221182e27fd816f23f22427c7ddcc4432af Mon Sep 17 00:00:00 2001
From: "nikolay@redhat.com" <nikolay@redhat.com>
Date: Thu, 29 Nov 2012 01:37:59 +0000
Subject: [PATCH] bonding: fix race condition in bonding_store_slaves_active

commit e196c0e579902f42cf72414461fb034e5a1ffbf7 upstream.

Race between bonding_store_slaves_active() and slave manipulation
 functions. The bond_for_each_slave use in bonding_store_slaves_active()
 is not protected by any synchronization mechanism.
 NULL pointer dereference is easy to reach.
 Fixed by acquiring the bond->lock for the slave walk.

 v2: Make description text < 75 columns

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
---
 drivers/net/bonding/bond_sysfs.c |    2 ++
 1 file changed, 2 insertions(+)

--
1.7.9.5

Patch

diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c
index 485bedb..9ea29aa 100644
--- a/drivers/net/bonding/bond_sysfs.c
+++ b/drivers/net/bonding/bond_sysfs.c
@@ -1582,6 +1582,7 @@  static ssize_t bonding_store_slaves_active(struct device *d,
 		goto out;
 	}

+	read_lock(&bond->lock);
 	bond_for_each_slave(bond, slave, i) {
 		if (!bond_is_active_slave(slave)) {
 			if (new_value)
@@ -1590,6 +1591,7 @@  static ssize_t bonding_store_slaves_active(struct device *d,
 				slave->inactive = 1;
 		}
 	}
+	read_unlock(&bond->lock);
 out:
 	return ret;
 }