netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: cong.wang@bytedance.com
Cc: netdev@vger.kernel.org
Subject: [bug report] net: fix dev_ifsioc_locked() race condition
Date: Tue, 16 Feb 2021 22:38:42 +0300	[thread overview]
Message-ID: <YCwfQn21MdZmE3CO@mwanda> (raw)

Hello Cong Wang,

The patch 3b23a32a6321: "net: fix dev_ifsioc_locked() race condition"
from Feb 11, 2021, leads to the following static checker warning:

	drivers/net/tap.c:1095 tap_ioctl()
	warn: check that 'sa.sa_family' doesn't leak information

drivers/net/tap.c
  1084  
  1085          case SIOCGIFHWADDR:
  1086                  rtnl_lock();
  1087                  tap = tap_get_tap_dev(q);
  1088                  if (!tap) {
  1089                          rtnl_unlock();
  1090                          return -ENOLINK;
  1091                  }
  1092                  ret = 0;
  1093                  dev_get_mac_address(&sa, dev_net(tap->dev), tap->dev->name);

How do you want to handle errors from dev_get_mac_address()?

  1094                  if (copy_to_user(&ifr->ifr_name, tap->dev->name, IFNAMSIZ) ||
  1095                      copy_to_user(&ifr->ifr_hwaddr, &sa, sizeof(sa)))
  1096                          ret = -EFAULT;
  1097                  tap_put_tap_dev(tap);
  1098                  rtnl_unlock();
  1099                  return ret;
  1100  

regards,
dan carpenter

             reply	other threads:[~2021-02-16 19:39 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-16 19:38 Dan Carpenter [this message]
2021-02-16 19:52 ` [bug report] net: fix dev_ifsioc_locked() race condition Cong Wang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YCwfQn21MdZmE3CO@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=cong.wang@bytedance.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).