From: Kalle Valo <kvalo@adurom.com>
To: netdev@vger.kernel.org
Cc: linux-wireless@vger.kernel.org
Subject: A race in register_netdevice()
Date: Fri, 29 Apr 2011 01:36:37 +0300 [thread overview]
Message-ID: <87y62ugg0a.fsf@purkki.adurom.net> (raw)
Hi,
there seems to be a race in register_netdevice(), which is reported here:
https://bugzilla.kernel.org/show_bug.cgi?id=15606
This is visible at least with flimflam and ath6kl. Basically what
happens is this:
Apr 29 00:21:35 roska flimflamd[2598]: src/udev.c:add_net_device()
Apr 29 00:21:35 roska flimflamd[2598]: connman_inet_ifname: SIOCGIFNAME(index
4): No such device
Apr 29 00:21:45 roska flimflamd[2598]: src/rtnl.c:rtnl_message() buf
0xbfefda3c len 1004
Apr 29 00:21:45 roska flimflamd[2598]: src/rtnl.c:rtnl_message()
NEWLINK len 1004 type 16 flags 0x0000 seq 0
(ignore the 10 s delay, I added that to reproduce the issue easily)
There are two ways to fix this, first is to move kobject registration
after the call to list_netdevice():
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5425,11 +5425,6 @@ int register_netdevice(struct net_device *dev)
if (ret)
goto err_uninit;
- ret = netdev_register_kobject(dev);
- if (ret)
- goto err_uninit;
- dev->reg_state = NETREG_REGISTERED;
-
netdev_update_features(dev);
/*
@@ -5443,6 +5438,11 @@ int register_netdevice(struct net_device *dev)
dev_hold(dev);
list_netdevice(dev);
+ ret = netdev_register_kobject(dev);
+ if (ret)
+ goto err_uninit;
+ dev->reg_state = NETREG_REGISTERED;
+
/* Notify protocols, that a new device appeared. */
ret = call_netdevice_notifiers(NETDEV_REGISTER, dev);
ret = notifier_to_errno(ret);
Other option, noticed by Jouni Malinen, is to take rtnl for
SIOCGIFNAME. For some reason it's currently unprotected:
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4917,8 +4917,12 @@ int dev_ioctl(struct net *net, unsigned int
cmd, void __user *arg)
rtnl_unlock();
return ret;
}
- if (cmd == SIOCGIFNAME)
- return dev_ifname(net, (struct ifreq __user *)arg);
+ if (cmd == SIOCGIFNAME) {
+ rtnl_lock();
+ ret = dev_ifname(net, (struct ifreq __user
- *)arg);
+ rtnl_unlock();
+ return ret;
+ }
if (copy_from_user(&ifr, arg, sizeof(struct ifreq)))
return -EFAULT;
I have confirmed that both of these patches fix the issue. Now I'm
wondering which one is the best way forward. Or is there a better way
to fix this?
--
Kalle Valo
next reply other threads:[~2011-04-28 22:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-28 22:36 Kalle Valo [this message]
2011-04-28 23:52 ` A race in register_netdevice() Stephen Hemminger
2011-04-29 17:20 ` Kalle Valo
2011-05-03 23:18 ` Kalle Valo
2011-05-03 23:41 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y62ugg0a.fsf@purkki.adurom.net \
--to=kvalo@adurom.com \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).