!9715 CVE-2024-38602 (4f840612) · Commits · EulixOS / Software / Kernel

include/net/ax25.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -216,7 +216,7 @@ typedef struct {
		struct ctl_table;

		typedef struct ax25_dev {
		struct ax25_dev *next;
		struct list_head list;

		struct net_device *dev;
		netdevice_tracker dev_tracker;
		@@ -330,7 +330,6 @@ int ax25_addr_size(const ax25_digi *);
		void ax25_digi_invert(const ax25_digi , ax25_digi );

		/* ax25_dev.c */
		extern ax25_dev *ax25_dev_list;
		extern spinlock_t ax25_dev_lock;

		#if IS_ENABLED(CONFIG_AX25)

net/ax25/ax25_dev.c

+16 −27

Original line number	Diff line number	Diff line
		@@ -22,11 +22,12 @@
		#include <net/sock.h>
		#include <linux/uaccess.h>
		#include <linux/fcntl.h>
		#include <linux/list.h>
		#include <linux/mm.h>
		#include <linux/interrupt.h>
		#include <linux/init.h>

		ax25_dev *ax25_dev_list;
		static LIST_HEAD(ax25_dev_list);
		DEFINE_SPINLOCK(ax25_dev_lock);

		ax25_dev ax25_addr_ax25dev(ax25_address addr)
		@@ -34,10 +35,11 @@ ax25_dev ax25_addr_ax25dev(ax25_address addr)
		ax25_dev ax25_dev, res = NULL;

		spin_lock_bh(&ax25_dev_lock);
		for (ax25_dev = ax25_dev_list; ax25_dev != NULL; ax25_dev = ax25_dev->next)
		list_for_each_entry(ax25_dev, &ax25_dev_list, list)
		if (ax25cmp(addr, (const ax25_address *)ax25_dev->dev->dev_addr) == 0) {
		res = ax25_dev;
		ax25_dev_hold(ax25_dev);
		break;
		}
		spin_unlock_bh(&ax25_dev_lock);

		@@ -59,7 +61,6 @@ void ax25_dev_device_up(struct net_device *dev)
		}

		refcount_set(&ax25_dev->refcount, 1);
		dev->ax25_ptr = ax25_dev;
		ax25_dev->dev = dev;
		netdev_hold(dev, &ax25_dev->dev_tracker, GFP_KERNEL);
		ax25_dev->forward = NULL;
		@@ -85,10 +86,9 @@ void ax25_dev_device_up(struct net_device *dev)
		#endif

		spin_lock_bh(&ax25_dev_lock);
		ax25_dev->next = ax25_dev_list;
		ax25_dev_list = ax25_dev;
		list_add(&ax25_dev->list, &ax25_dev_list);
		dev->ax25_ptr = ax25_dev;
		spin_unlock_bh(&ax25_dev_lock);
		ax25_dev_hold(ax25_dev);

		ax25_register_dev_sysctl(ax25_dev);
		}
		@@ -111,32 +111,24 @@ void ax25_dev_device_down(struct net_device *dev)
		/*
		* Remove any packet forwarding that points to this device.
		*/
		for (s = ax25_dev_list; s != NULL; s = s->next)
		list_for_each_entry(s, &ax25_dev_list, list)
		if (s->forward == dev)
		s->forward = NULL;

		if ((s = ax25_dev_list) == ax25_dev) {
		ax25_dev_list = s->next;
		goto unlock_put;
		}

		while (s != NULL && s->next != NULL) {
		if (s->next == ax25_dev) {
		s->next = ax25_dev->next;
		list_for_each_entry(s, &ax25_dev_list, list) {
		if (s == ax25_dev) {
		list_del(&s->list);
		goto unlock_put;
		}

		s = s->next;
		}
		spin_unlock_bh(&ax25_dev_lock);
		dev->ax25_ptr = NULL;
		spin_unlock_bh(&ax25_dev_lock);
		ax25_dev_put(ax25_dev);
		return;

		unlock_put:
		spin_unlock_bh(&ax25_dev_lock);
		ax25_dev_put(ax25_dev);
		dev->ax25_ptr = NULL;
		spin_unlock_bh(&ax25_dev_lock);
		netdev_put(dev, &ax25_dev->dev_tracker);
		ax25_dev_put(ax25_dev);
		}
		@@ -200,16 +192,13 @@ struct net_device ax25_fwd_dev(struct net_device dev)
		*/
		void __exit ax25_dev_free(void)
		{
		ax25_dev s, ax25_dev;
		ax25_dev s, n;

		spin_lock_bh(&ax25_dev_lock);
		ax25_dev = ax25_dev_list;
		while (ax25_dev != NULL) {
		s = ax25_dev;
		netdev_put(ax25_dev->dev, &ax25_dev->dev_tracker);
		ax25_dev = ax25_dev->next;
		list_for_each_entry_safe(s, n, &ax25_dev_list, list) {
		netdev_put(s->dev, &s->dev_tracker);
		list_del(&s->list);
		kfree(s);
		}
		ax25_dev_list = NULL;
		spin_unlock_bh(&ax25_dev_lock);
		}