From: Jay Vosburgh <fubar@us.ibm.com>
To: Nikolay Aleksandrov <nikolay@redhat.com>
Cc: netdev@vger.kernel.org, andy@greyhouse.net, davem@davemloft.net
Subject: Re: [PATCH 4/4] bonding: fix multiple 3ad mode sysfs race conditions
Date: Fri, 17 May 2013 09:59:59 -0700 [thread overview]
Message-ID: <30362.1368809999@death.nxdomain> (raw)
In-Reply-To: <1368621162-6807-5-git-send-email-nikolay@redhat.com>
Nikolay Aleksandrov <nikolay@redhat.com> wrote:
>When bond_3ad_get_active_agg_info() is used in all show_ad_ functions
>it is not protected against slave manipulation and since it walks over
>the slaves and uses them, this can easily result in NULL pointer
>dereference or use of freed memory.
>
>Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
>---
> drivers/net/bonding/bond_sysfs.c | 21 ++++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
>diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c
>index 77ea237..81ef36a 100644
>--- a/drivers/net/bonding/bond_sysfs.c
>+++ b/drivers/net/bonding/bond_sysfs.c
>@@ -1319,6 +1319,17 @@ static ssize_t bonding_show_mii_status(struct device *d,
> }
> static DEVICE_ATTR(mii_status, S_IRUGO, bonding_show_mii_status, NULL);
>
>+/* Wrapper used to hold bond->lock so no slave manipulation can occur */
>+static int get_active_agg_info(struct bonding *bond, struct ad_info *ad)
>+{
>+ int ret;
>+
>+ read_lock(&bond->lock);
>+ ret = bond_3ad_get_active_agg_info(bond, ad);
>+ read_unlock(&bond->lock);
>+
>+ return ret;
>+}
I think the patch is functionally fine, but the usual
nomenclature for adding a "wrapper" is to have the "functional" piece be
named "__function", and the "wrapper" piece to be just "function". In
this case, it would be __bond_3ad_get_active_agg_info for the "inside"
function (the current function that is being wrapped), and
bond_3ad_get_active_agg_info for the wrapper. Yes, this makes for a
different changeset (as some other calls already hold the locks and will
change to the __ version), but the end result is clearer.
-J
> /*
> * Show current 802.3ad aggregator ID.
>@@ -1333,7 +1344,7 @@ static ssize_t bonding_show_ad_aggregator(struct device *d,
> if (bond->params.mode == BOND_MODE_8023AD) {
> struct ad_info ad_info;
> count = sprintf(buf, "%d\n",
>- (bond_3ad_get_active_agg_info(bond, &ad_info))
>+ (get_active_agg_info(bond, &ad_info))
> ? 0 : ad_info.aggregator_id);
> }
>
>@@ -1355,7 +1366,7 @@ static ssize_t bonding_show_ad_num_ports(struct device *d,
> if (bond->params.mode == BOND_MODE_8023AD) {
> struct ad_info ad_info;
> count = sprintf(buf, "%d\n",
>- (bond_3ad_get_active_agg_info(bond, &ad_info))
>+ (get_active_agg_info(bond, &ad_info))
> ? 0 : ad_info.ports);
> }
>
>@@ -1377,7 +1388,7 @@ static ssize_t bonding_show_ad_actor_key(struct device *d,
> if (bond->params.mode == BOND_MODE_8023AD) {
> struct ad_info ad_info;
> count = sprintf(buf, "%d\n",
>- (bond_3ad_get_active_agg_info(bond, &ad_info))
>+ (get_active_agg_info(bond, &ad_info))
> ? 0 : ad_info.actor_key);
> }
>
>@@ -1399,7 +1410,7 @@ static ssize_t bonding_show_ad_partner_key(struct device *d,
> if (bond->params.mode == BOND_MODE_8023AD) {
> struct ad_info ad_info;
> count = sprintf(buf, "%d\n",
>- (bond_3ad_get_active_agg_info(bond, &ad_info))
>+ (get_active_agg_info(bond, &ad_info))
> ? 0 : ad_info.partner_key);
> }
>
>@@ -1420,7 +1431,7 @@ static ssize_t bonding_show_ad_partner_mac(struct device *d,
>
> if (bond->params.mode == BOND_MODE_8023AD) {
> struct ad_info ad_info;
>- if (!bond_3ad_get_active_agg_info(bond, &ad_info))
>+ if (!get_active_agg_info(bond, &ad_info))
> count = sprintf(buf, "%pM\n", ad_info.partner_system);
> }
>
>--
>1.8.1.4
>
---
-Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com
next prev parent reply other threads:[~2013-05-17 17:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-15 12:32 [PATCH 0/4] bonding: race and inconsistency fixes Nikolay Aleksandrov
2013-05-15 12:32 ` [PATCH 1/4] bonding: fix set mode race conditions Nikolay Aleksandrov
2013-05-15 12:32 ` [PATCH 2/4] bonding: replace %x with %pI4 for IPv4 addresses Nikolay Aleksandrov
2013-05-15 12:32 ` [PATCH 3/4] bonding: arp_ip_count and arp_targets can be wrong Nikolay Aleksandrov
2013-05-17 18:00 ` Jay Vosburgh
2013-05-15 12:32 ` [PATCH 4/4] bonding: fix multiple 3ad mode sysfs race conditions Nikolay Aleksandrov
2013-05-15 13:53 ` Sergei Shtylyov
2013-05-15 13:54 ` Nikolay Aleksandrov
2013-05-17 16:59 ` Jay Vosburgh [this message]
2013-05-18 2:45 ` Nikolay Aleksandrov
2013-05-17 8:30 ` [PATCH 0/4] bonding: race and inconsistency fixes David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=30362.1368809999@death.nxdomain \
--to=fubar@us.ibm.com \
--cc=andy@greyhouse.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=nikolay@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.