From patchwork Tue Nov 17 14:41:26 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 38638 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id 33CDC1007D3 for ; Wed, 18 Nov 2009 01:41:36 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753065AbZKQOlY (ORCPT ); Tue, 17 Nov 2009 09:41:24 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753023AbZKQOlY (ORCPT ); Tue, 17 Nov 2009 09:41:24 -0500 Received: from gw1.cosmosbay.com ([212.99.114.194]:42100 "EHLO gw1.cosmosbay.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750905AbZKQOlY (ORCPT ); Tue, 17 Nov 2009 09:41:24 -0500 Received: from [127.0.0.1] (localhost [127.0.0.1]) by gw1.cosmosbay.com (8.13.7/8.13.7) with ESMTP id nAHEfQrH005480; Tue, 17 Nov 2009 15:41:26 +0100 Message-ID: <4B02B616.3020801@gmail.com> Date: Tue, 17 Nov 2009 15:41:26 +0100 From: Eric Dumazet User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: David Miller CC: netdev@vger.kernel.org, Patrick McHardy Subject: [PATCH] vlan: Fix register_vlan_dev() error path References: <4B01558F.5000306@gmail.com> <20091117.002037.229474882.davem@davemloft.net> In-Reply-To: <20091117.002037.229474882.davem@davemloft.net> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (gw1.cosmosbay.com [0.0.0.0]); Tue, 17 Nov 2009 15:41:26 +0100 (CET) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org David Miller a écrit : > Eric, please make allocation failure cause the vlan_setup() > to fail and propagate -EFAULT back to the caller. Sure ! (You meant -ENOMEM probably...) While testing my new patch in OOM situations, I found following bug in vlan code, that gave me crashes or infinite loops. [PATCH] vlan: Fix register_vlan_dev() error path In case register_netdevice() returns an error, and a new vlan_group was allocated and inserted in vlan_group_hash[] we call vlan_group_free() without deleting group from hash table. Future lookups can give infinite loops or crashes. We must delete the vlan_group using RCU safe procedure. Signed-off-by: Eric Dumazet --- net/8021q/vlan.c | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index 8836575..a29c5ab 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c @@ -281,8 +281,11 @@ out_uninit_applicant: if (ngrp) vlan_gvrp_uninit_applicant(real_dev); out_free_group: - if (ngrp) - vlan_group_free(ngrp); + if (ngrp) { + hlist_del_rcu(&ngrp->hlist); + /* Free the group, after all cpu's are done. */ + call_rcu(&ngrp->rcu, vlan_rcu_free); + } return err; }