[PATCH 1/1] veth: don't free priv->status until dev->destructor (v2)

From: root
Date: Wed Jun 24 2009 - 23:26:17 EST

Next message: Robin Holt: "Re: [PATCH 1/7] ia64, kdump: Mask MCA/INIT on freezing cpus"
Previous message: Baruch Siach: "Re: linux-next: origin tree build failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since commit ae0e8e82205c903978a79ebf5e31c670b61fa5b4, priv->status
has been freed at veth_close(). But that causes a NULL deref at
veth_xmit. This patch moves priv->status free back to the device
destructor. It also tries to prevent the original possible
sysfs-induced oops. All the stats are now gathered within one rcu
cycle, while the device free hook first sets the device stats struct to
NULL, waits an rcu cycle before freeing
it.

Changelog:
June 26: try to fix the original oops.

Signed-off-by: Serge Hallyn <serue@xxxxxxxxxx>
---
drivers/net/veth.c | 22 ++++++++++++++++++----
1 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 87197dd..112add0 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -208,7 +208,7 @@ rx_drop:

static struct net_device_stats *veth_get_stats(struct net_device *dev)
{
- struct veth_priv *priv = netdev_priv(dev);
+ struct veth_priv *priv;
struct net_device_stats *dev_stats = &dev->stats;
unsigned int cpu;
struct veth_net_stats *stats;
@@ -220,6 +220,8 @@ static struct net_device_stats *veth_get_stats(struct net_device *dev)
dev_stats->tx_dropped = 0;
dev_stats->rx_dropped = 0;

+ rcu_read_lock();
+ priv = netdev_priv(dev);
if (priv->stats)
for_each_online_cpu(cpu) {
stats = per_cpu_ptr(priv->stats, cpu);
@@ -231,6 +233,7 @@ static struct net_device_stats *veth_get_stats(struct net_device *dev)
dev_stats->tx_dropped += stats->tx_dropped;
dev_stats->rx_dropped += stats->rx_dropped;
}
+ rcu_read_unlock();

return dev_stats;
}
@@ -257,8 +260,6 @@ static int veth_close(struct net_device *dev)
netif_carrier_off(dev);
netif_carrier_off(priv->peer);

- free_percpu(priv->stats);
- priv->stats = NULL;
return 0;
}

@@ -299,6 +300,19 @@ static const struct net_device_ops veth_netdev_ops = {
.ndo_set_mac_address = eth_mac_addr,
};

+static void veth_dev_free(struct net_device *dev)
+{
+ struct veth_priv *priv;
+ struct veth_net_stats *stats;
+
+ priv = netdev_priv(dev);
+ stats = priv->stats;
+ priv->stats = NULL;
+ synchronize_rcu();
+ free_percpu(stats);
+ free_netdev(dev);
+}
+
static void veth_setup(struct net_device *dev)
{
ether_setup(dev);
@@ -306,7 +320,7 @@ static void veth_setup(struct net_device *dev)
dev->netdev_ops = &veth_netdev_ops;
dev->ethtool_ops = &veth_ethtool_ops;
dev->features |= NETIF_F_LLTX;
- dev->destructor = free_netdev;
+ dev->destructor = veth_dev_free;
}

/*
--
1.6.2.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robin Holt: "Re: [PATCH 1/7] ia64, kdump: Mask MCA/INIT on freezing cpus"
Previous message: Baruch Siach: "Re: linux-next: origin tree build failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]