From patchwork Tue Jul 28 17:46:37 2009
X-Patchwork-Submitter: Eric Dumazet
X-Patchwork-Id: 30312
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <4A6F397D.6010606@gmail.com>
Date: Tue, 28 Jul 2009 19:46:37 +0200
From: Eric Dumazet
To: "David S. Miller"
CC: Pavel Emelyanov, Igor M Podlesny, Andrew Morton, netdev@vger.kernel.org, Cyrill Gorcunov
Subject: [PATCH] pppoe: fix race at init time
In-Reply-To: <4A6F017B.4060909@gmail.com>
X-Mailing-List: netdev@vger.kernel.org

Eric Dumazet wrote:
> Eric Dumazet wrote:
>> Seems drivers/net/pppol2tp.c is a suspect...
>>
>> It uses register_pernet_gen_device() from pppol2tp_init()
>> but doesn't call unregister_pernet_gen_device()
>
> OK patch seems really easy...
>
> This bug was added in commit 4e9fb8016a351b5b9da7fea32bcfdbc9d836e421
> net: pppol2tp - introduce net-namespace functionality
>
> So this is a stable candidate I guess?
>
> Thank you

So Igor still has a panic... let's try a third patch then :)

[PATCH] pppoe: fix race at init time

I believe we have a race in ppoe_init():

As soon as dev_add_pack(&pppoes_ptype); and/or dev_add_pack(&pppoed_ptype);
are called, we can receive packets while nets are not yet fully ready
(i.e. pppoe_init_net() not yet called).

This means we should be prepared to get a NULL pointer
from the net_generic(net, pppoe_net_id) call.

We miss this NULL check in get_item() and possibly crash if this net
has no struct pppoe_net attached yet.
Other subroutines are safe.

Signed-off-by: Eric Dumazet
---
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c index f0031f1..e50af8c 100644 --- a/drivers/net/pppoe.c +++ b/drivers/net/pppoe.c @@ -237,14 +237,15 @@ static struct pppox_sock *__delete_item(struct pppoe_net *pn, __be16 sid, static inline struct pppox_sock *get_item(struct pppoe_net *pn, __be16 sid, unsigned char *addr, int ifindex) { - struct pppox_sock *po; - - read_lock_bh(&pn->hash_lock); - po = __get_item(pn, sid, addr, ifindex); - if (po) - sock_hold(sk_pppox(po)); - read_unlock_bh(&pn->hash_lock); - + struct pppox_sock *po = NULL; + + if (pn) { + read_lock_bh(&pn->hash_lock); + po = __get_item(pn, sid, addr, ifindex); + if (po) + sock_hold(sk_pppox(po)); + read_unlock_bh(&pn->hash_lock); + } return po; }
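
Review bot: in get_item(), the new `if (pn)` guard handles the NULL from net_generic() at the point of use, while the commit message places the cause in init ordering (dev_add_pack() taking effect before pppoe_init_net() has run). Consider registering the per-net state before the packet handlers are added, so the receive path never sees a NULL pn, and keep this check only as a fallback. If the check stays, add a one-line comment above it saying that pn can be NULL during init, because callers now get a NULL return both for "no matching session" and for "net not set up yet". The message also states that other subroutines are safe; the hunk header shows __delete_item() taking the same pn argument, so a sentence in the changelog on why those paths cannot run before init would make that claim checkable.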