linux

mirror of https://github.com/torvalds/linux.git synced 2026-06-08 06:25:52 +02:00

History

Taehee Yoo cf7318b750 net: rmnet: fix lower interface leak commit `2a762e9e8c` upstream. There are two types of the lower interface of rmnet that are VND and BRIDGE. Each lower interface can have only one type either VND or BRIDGE. But, there is a case, which uses both lower interface types. Due to this unexpected behavior, lower interface leak occurs. Test commands: ip link add dummy0 type dummy ip link add dummy1 type dummy ip link add rmnet0 link dummy0 type rmnet mux_id 1 ip link set dummy1 master rmnet0 ip link add rmnet1 link dummy1 type rmnet mux_id 2 ip link del rmnet0 The dummy1 was attached as BRIDGE interface of rmnet0. Then, it also was attached as VND interface of rmnet1. This is unexpected behavior and there is no code for handling this case. So that below splat occurs when the rmnet0 interface is deleted. Splat looks like: [ 53.254112][ C1] WARNING: CPU: 1 PID: 1192 at net/core/dev.c:8992 rollback_registered_many+0x986/0xcf0 [ 53.254117][ C1] Modules linked in: rmnet dummy openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nfx [ 53.254182][ C1] CPU: 1 PID: 1192 Comm: ip Not tainted 5.8.0-rc1+ #620 [ 53.254188][ C1] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 53.254192][ C1] RIP: 0010:rollback_registered_many+0x986/0xcf0 [ 53.254200][ C1] Code: 41 8b 4e cc 45 31 c0 31 d2 4c 89 ee 48 89 df e8 e0 47 ff ff 85 c0 0f 84 cd fc ff ff 0f 0b e5 [ 53.254205][ C1] RSP: 0018:ffff888050a5f2e0 EFLAGS: 00010287 [ 53.254214][ C1] RAX: ffff88805756d658 RBX: ffff88804d99c000 RCX: ffffffff8329d323 [ 53.254219][ C1] RDX: 1ffffffff0be6410 RSI: 0000000000000008 RDI: ffffffff85f32080 [ 53.254223][ C1] RBP: dffffc0000000000 R08: fffffbfff0be6411 R09: fffffbfff0be6411 [ 53.254228][ C1] R10: ffffffff85f32087 R11: 0000000000000001 R12: ffff888050a5f480 [ 53.254233][ C1] R13: ffff88804d99c0b8 R14: ffff888050a5f400 R15: ffff8880548ebe40 [ 53.254238][ C1] FS: 00007f6b86b370c0(0000) GS:ffff88806c200000(0000) knlGS:0000000000000000 [ 53.254243][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.254248][ C1] CR2: 0000562c62438758 CR3: 000000003f600005 CR4: 00000000000606e0 [ 53.254253][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.254257][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.254261][ C1] Call Trace: [ 53.254266][ C1] ? lockdep_hardirqs_on_prepare+0x379/0x540 [ 53.254270][ C1] ? netif_set_real_num_tx_queues+0x780/0x780 [ 53.254275][ C1] ? rmnet_unregister_real_device+0x56/0x90 [rmnet] [ 53.254279][ C1] ? __kasan_slab_free+0x126/0x150 [ 53.254283][ C1] ? kfree+0xdc/0x320 [ 53.254288][ C1] ? rmnet_unregister_real_device+0x56/0x90 [rmnet] [ 53.254293][ C1] unregister_netdevice_many.part.135+0x13/0x1b0 [ 53.254297][ C1] rtnl_delete_link+0xbc/0x100 [ 53.254301][ C1] ? rtnl_af_register+0xc0/0xc0 [ 53.254305][ C1] rtnl_dellink+0x2dc/0x840 [ 53.254309][ C1] ? find_held_lock+0x39/0x1d0 [ 53.254314][ C1] ? valid_fdb_dump_strict+0x620/0x620 [ 53.254318][ C1] ? rtnetlink_rcv_msg+0x457/0x890 [ 53.254322][ C1] ? lock_contended+0xd20/0xd20 [ 53.254326][ C1] rtnetlink_rcv_msg+0x4a8/0x890 [ ... ] [ 73.813696][ T1192] unregister_netdevice: waiting for rmnet0 to become free. Usage count = 1 Fixes: `037f9cdf72` ("net: rmnet: use upper/lower device infrastructure") Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-07-22 09:31:58 +02:00
..
accessibility
acpi	ACPI: sysfs: Fix pm_profile_attr type	2020-06-30 23:17:15 -04:00
amba
android	binder: take read mode of mmap_sem in binder_alloc_free_page()	2020-05-02 17:25:48 +02:00
ata	ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function	2020-06-30 23:17:13 -04:00
atm	fore200e: Fix incorrect checks of NULL pointer dereference	2020-02-24 08:34:42 +01:00
auxdisplay
base	regmap: fix alignment issue	2020-07-16 08:17:21 +02:00
bcma	bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA	2020-01-27 14:51:09 +01:00
block	nbd: Fix memory leak in nbd_add_socket	2020-07-16 08:17:24 +02:00
bluetooth	Bluetooth: hci_bcm: fix freeing not-requested IRQ	2020-06-22 09:05:26 +02:00
bus	bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads	2020-04-17 10:48:37 +02:00
cdrom
char	hwrng: ks-sa - Fix runtime PM imbalance on error	2020-06-30 23:17:14 -04:00
clk	clk: sprd: return correct type of value for _sprd_pll_recalc_rate	2020-06-25 15:33:00 +02:00
clocksource	clocksource: dw_apb_timer_of: Fix missing clockevent timers	2020-06-22 09:05:11 +02:00
connector
cpufreq	cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once	2020-05-20 08:18:40 +02:00
cpuidle	cpuidle: Fix three reference count leaks	2020-06-22 09:05:20 +02:00
crypto	crypto: omap-sham - add proper load balancing support for multicore	2020-06-25 15:33:02 +02:00
dax
dca
devfreq	Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"	2020-03-05 16:42:18 +01:00
dio
dma	PCI: Move Rohm Vendor ID to generic list	2020-06-22 09:05:23 +02:00
dma-buf
edac	EDAC/amd64: Read back the scrub rate PCI register on F15h	2020-07-09 09:37:09 +02:00
eisa
extcon	extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'	2020-06-25 15:33:01 +02:00
firewire
firmware	efi: Make it possible to disable efivar_ssdt entirely	2020-07-09 09:37:13 +02:00
fmc
fpga	fpga: dfl: afu: Corrected error handling levels	2020-06-25 15:32:58 +02:00
fsi	fsi: sbefifo: Don't fail operations when in SBE IPL state	2020-01-27 14:51:00 +01:00
gnss	gnss: sirf: fix error return code in sirf_probe()	2020-06-22 09:05:28 +02:00
gpio	gpio: dwapb: Append MODULE_ALIAS for platform driver	2020-06-25 15:32:53 +02:00
gpu	drm/radeon: fix double free	2020-07-16 08:17:27 +02:00
hid	HID: Add quirks for Trust Panora Graphic Tablet	2020-06-25 15:32:56 +02:00
hsi
hv	x86/Hyper-V: Report crash data in die() when panic_on_oops is set	2020-04-23 10:30:17 +02:00
hwmon	hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()	2020-07-09 09:37:11 +02:00
hwspinlock
hwtracing	intel_th: pci: Add Elkhart Lake CPU support	2020-03-25 08:06:11 +01:00
i2c	i2c: mlxcpld: check correct size of maximum RECV_LEN packet	2020-07-09 09:37:11 +02:00
ide	ide: serverworks: potential overflow in svwks_set_pio_mode()	2020-02-24 08:34:49 +01:00
idle
iio	iio: bmp280: fix compensation of humidity	2020-06-25 15:32:49 +02:00
infiniband	RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()	2020-06-30 23:17:11 -04:00
input	Input: synaptics - add a second working PNP_ID for Lenovo T470s	2020-06-22 09:05:00 +02:00
iommu	iommu: Fix reference count leak in iommu_group_alloc.	2020-06-03 08:19:41 +02:00
ipack	ipack: tpci200: fix error return code in tpci200_register()	2020-05-27 17:37:43 +02:00
irqchip	irqchip/gic: Atomically update affinity	2020-07-09 09:37:12 +02:00
isdn	PCI: add USR vendor id and use it in r8169 and w6692 driver	2020-06-22 09:05:23 +02:00
leds	leds: pca963x: Fix open-drain initialization	2020-02-24 08:34:35 +01:00
lightnvm	lightnvm: pblk: fix lock order in pblk_rb_tear_down_check	2020-01-27 14:50:45 +01:00
macintosh	drivers/macintosh: Fix memleak in windfarm_pm112 driver	2020-06-22 09:05:29 +02:00
mailbox	mailbox: qcom-apcs: fix max_register value	2020-01-27 14:51:14 +01:00
mcb
md	dm: use noio when sending kobject event	2020-07-16 08:17:27 +02:00
media	media: ov5640: fix use of destroyed mutex	2020-06-22 09:05:27 +02:00
memory	memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20	2020-01-27 14:50:13 +01:00
memstick
message	scsi: mptscsih: Fix read sense data size	2020-07-16 08:17:23 +02:00
mfd	mfd: wm8994: Fix driver operation if loaded as modules	2020-06-25 15:32:50 +02:00
misc	PCI: Add Synopsys endpoint EDDA Device ID	2020-06-22 09:05:24 +02:00
mmc	mmc: sdhci-esdhc-imx: fix the mask for tuning start point	2020-06-22 09:05:20 +02:00
mtd	mtd: rawnand: marvell: Fix the condition on a return code	2020-06-30 23:17:00 -04:00
mux
net	net: rmnet: fix lower interface leak	2020-07-22 09:31:58 +02:00
nfc	NFC: st21nfca: add missed kfree_skb() in an error path	2020-06-10 21:34:59 +02:00
ntb	NTB: perf: Fix race condition when run with ntb_test	2020-06-25 15:33:03 +02:00
nubus
nvdimm	libnvdimm: Fix endian conversion issues	2020-06-07 13:17:53 +02:00
nvme	nvme-rdma: assign completion vector correctly	2020-07-16 08:17:23 +02:00
nvmem	nvmem: qfprom: remove incorrect write support	2020-06-10 21:35:00 +02:00
of	of: Fix a refcounting bug in __of_attach_node_sysfs()	2020-06-25 15:33:00 +02:00
opp	OPP: Fix missing debugfs supply directory for OPPs	2020-01-27 14:50:04 +01:00
oprofile
parisc
parport
pci	PCI: dwc: Fix inner MSI IRQ domain registration	2020-06-25 15:32:58 +02:00
pcmcia
perf	drivers/perf: hisi: Fix wrong value for all counters enable	2020-06-25 15:33:04 +02:00
phy	phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval	2020-03-11 14:15:10 +01:00
pinctrl	pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'	2020-06-25 15:33:01 +02:00
platform	platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type	2020-06-22 09:05:20 +02:00
pnp
power	power: supply: smb347-charger: IRQSTAT_D is volatile	2020-06-25 15:32:55 +02:00
powercap
pps
ps3
ptp	ptp: free ptp device pin descriptors properly	2020-01-23 08:21:35 +01:00
pwm	pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case	2020-06-25 15:32:51 +02:00
rapidio	rapidio: fix an error in get_user_pages_fast() error handling	2020-05-27 17:37:43 +02:00
ras
regulator	regualtor: pfuze100: correct sw1a/sw2 on pfuze3000	2020-06-30 23:17:10 -04:00
remoteproc	remoteproc: Fix IDR initialisation in rproc_alloc()	2020-06-25 15:32:47 +02:00
reset	reset: uniphier: Add SCSSI reset control for each channel	2020-02-24 08:34:44 +01:00
rpmsg	rpmsg: glink: Remove chunk size word align warning	2020-04-13 10:45:16 +02:00
rtc	rtc: 88pm860x: fix possible race condition	2020-04-23 10:30:18 +02:00
s390	scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action	2020-06-30 23:17:08 -04:00
sbus
scsi	scsi: acornscsi: Fix an error handling path in acornscsi_probe()	2020-06-25 15:33:05 +02:00
sfi
sh
siox
slimbus	slimbus: ngd: get drvdata from correct device	2020-06-25 15:32:54 +02:00
sn
soc	soc: imx: gpc: fix power up sequencing	2020-04-23 10:30:17 +02:00
soundwire
spi	spi: spidev: fix a potential use-after-free in spidev_release()	2020-07-16 08:17:22 +02:00
spmi
ssb
staging	Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()	2020-06-30 23:17:18 -04:00
target	scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd()	2020-06-25 15:32:59 +02:00
tc
tee	tee: optee: Fix compilation issue with nommu	2020-02-05 14:43:50 +00:00
thermal	thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR	2020-06-25 15:32:54 +02:00
thunderbolt	thunderbolt: Drop duplicated get_switch_at_route()	2020-05-27 17:37:40 +02:00
tty	Revert "tty: hvc: Fix data abort due to race in hvc_open"	2020-06-30 23:17:19 -04:00
uio	uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()	2020-02-24 08:34:37 +01:00
usb	usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work	2020-07-16 08:17:23 +02:00
uwb
vfio	vfio/mdev: Fix reference count leak in add_mdev_supported_type	2020-06-25 15:33:01 +02:00
vhost	vhost/vsock: fix packet delivery order to monitoring devices	2020-05-27 17:37:32 +02:00
video	backlight: lp855x: Ensure regulators are disabled on probe failure	2020-06-25 15:32:48 +02:00
virt
virtio	virtio_balloon: prevent pfn array overflow	2020-02-24 08:34:54 +01:00
visorbus	visorbus: fix uninitialized variable access	2020-02-24 08:34:47 +01:00
vlynq
vme	vme: bridges: reduce stack usage	2020-02-24 08:34:47 +01:00
w1	w1: omap-hdq: cleanup to add missing newline for some dev_dbg	2020-06-22 09:05:30 +02:00
watchdog	watchdog: da9062: No need to ping manually before setting timeout	2020-06-25 15:32:58 +02:00
xen	xen/pvcalls-back: test for errors when calling backend_connect()	2020-06-22 09:05:09 +02:00
zorro
Kconfig
Makefile