ax25: NPD bug when detaching AX25 device (1ade48d0) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit 1ade48d0 authored Dec 17, 2021 by

Lin Ma Committed by David S. Miller Dec 18, 2021

ax25: NPD bug when detaching AX25 device



The existing cleanup routine implementation is not well synchronized
with the syscall routine. When a device is detaching, below race could
occur.

static int ax25_sendmsg(...) {
  ...
  lock_sock()
  ax25 = sk_to_ax25(sk);
  if (ax25->ax25_dev == NULL) // CHECK
  ...
  ax25_queue_xmit(skb, ax25->ax25_dev->dev); // USE
  ...
}

static void ax25_kill_by_device(...) {
  ...
  if (s->ax25_dev == ax25_dev) {
    s->ax25_dev = NULL;
    ...
}

Other syscall functions like ax25_getsockopt, ax25_getname,
ax25_info_show also suffer from similar races. To fix them, this patch
introduce lock_sock() into ax25_kill_by_device in order to guarantee
that the nullify action in cleanup routine cannot proceed when another
socket request is pending.

Signed-off-by: Hanjie Wu <nagi@zju.edu.cn>
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent b2f37aea

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 0cccaf8b
· Dec 30, 2021

mentioned in commit 0cccaf8b

mentioned in commit 0cccaf8b6f3f8b4b9974fb5dd661dce88f8aa555

Toggle commit list
mirror @mirror
mentioned in commit bd05a8f1
· Dec 30, 2021

mentioned in commit bd05a8f1

mentioned in commit bd05a8f1b7368ef4f7845548312fc61ab4fa63ce

Toggle commit list
mirror @mirror
mentioned in commit 3d3d6f7a
· Dec 30, 2021

mentioned in commit 3d3d6f7a

mentioned in commit 3d3d6f7a2d4e9b5666c9c9e6a83dc2bb0c92a05a

Toggle commit list
mirror @mirror
mentioned in commit bc284281
· Dec 30, 2021

mentioned in commit bc284281

mentioned in commit bc284281e7da02fdc16914295c4d7ac65f09f744

Toggle commit list
mirror @mirror
mentioned in commit 8e34d07d
· Dec 30, 2021

mentioned in commit 8e34d07d

mentioned in commit 8e34d07dd4d9f7811d8ae35adee24e78a4576844

Toggle commit list
mirror @mirror
mentioned in commit a8e4a64c
· Dec 30, 2021

mentioned in commit a8e4a64c

mentioned in commit a8e4a64cdc977cda02d7c95cd01004fd33978ab7

Toggle commit list
mirror @mirror
mentioned in commit df8f79bc
· Dec 30, 2021

mentioned in commit df8f79bc

mentioned in commit df8f79bcc2e431bb6e1f0a8202cd2b06fd429889

Toggle commit list
mirror @mirror
mentioned in commit a509dbde
· Feb 24, 2022

mentioned in commit a509dbde

mentioned in commit a509dbde35fa51d140512cbcf50068a84fdb7aad

Toggle commit list
mirror @mirror
mentioned in commit 3072e728
· Feb 24, 2022

mentioned in commit 3072e728

mentioned in commit 3072e72814de56f3c674650a8af98233ddf78b19

Toggle commit list
mirror @mirror
mentioned in commit 851901d3
· Feb 24, 2022

mentioned in commit 851901d3

mentioned in commit 851901d339b2ba766ffcf754d37a6f52fa07cea2

Toggle commit list
mirror @mirror
mentioned in commit b9a229fd
· Feb 24, 2022

mentioned in commit b9a229fd

mentioned in commit b9a229fd48bfa45edb954c75a57e3931a3da6c5f

Toggle commit list
mirror @mirror
mentioned in commit cfc8b37e
· Feb 24, 2022

mentioned in commit cfc8b37e

mentioned in commit cfc8b37ef0418529e3719c2d128e59e74a3114b0

Toggle commit list

Please register or to comment