From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH net] net: dsa: fix 'increment on 0' warning Date: Sun, 26 Nov 2017 04:24:15 +0900 (KST) Message-ID: <20171126.042415.1930556995301127898.davem@davemloft.net> References: <20171124163606.11212-1-vivien.didelot@savoirfairelinux.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@savoirfairelinux.com, f.fainelli@gmail.com, andrew@lunn.ch, fengguang.wu@intel.com, wfg@linux.intel.com, lkp@01.org To: vivien.didelot@savoirfairelinux.com Return-path: In-Reply-To: <20171124163606.11212-1-vivien.didelot@savoirfairelinux.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org From: Vivien Didelot Date: Fri, 24 Nov 2017 11:36:06 -0500 > Setting the refcount to 0 when allocating a tree to match the number of > switch devices it holds may cause an 'increment on 0; use-after-free', > if CONFIG_REFCOUNT_FULL is enabled. > > To fix this, do not decrement the refcount of a newly allocated tree, > increment it when an already allocated tree is found, and decrement it > after the probing of a switch, as done with the previous behavior. > > At the same time, make dsa_tree_get and dsa_tree_put accept a NULL > argument to simplify callers, and return the tree after incrementation, > as most kref users like of_node_get and of_node_put do. > > Fixes: 8e5bf9759a06 ("net: dsa: simplify tree reference counting") > Signed-off-by: Vivien Didelot Applied, thanks Vivien.