All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jakub Kicinski <kuba@kernel.org>
To: Lukas Wunner <lukas@wunner.de>
Cc: Paolo Abeni <pabeni@redhat.com>, Oliver Neukum <oneukum@suse.com>,
	"David S. Miller" <davem@davemloft.net>,
	Jann Horn <jannh@google.com>,
	Oleksij Rempel <o.rempel@pengutronix.de>,
	Eric Dumazet <edumazet@google.com>,
	netdev@vger.kernel.org, linux-usb@vger.kernel.org,
	Andrew Lunn <andrew@lunn.ch>, Jacky Chou <jackychou@asix.com.tw>,
	Willy Tarreau <w@1wt.eu>, Lino Sanfilippo <LinoSanfilippo@gmx.de>,
	Philipp Rosenberger <p.rosenberger@kunbus.com>,
	Heiner Kallweit <hkallweit1@gmail.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] net: linkwatch: ignore events for unregistered netdevs
Date: Mon, 25 Apr 2022 07:41:46 -0700	[thread overview]
Message-ID: <20220425074146.1fa27d5f@kernel.org> (raw)
In-Reply-To: <20220423160723.GA20330@wunner.de>

On Sat, 23 Apr 2022 18:07:23 +0200 Lukas Wunner wrote:
> > Looking at the original report it looks like the issue could be
> > resolved with a more usb-specific change: e.g. it looks like
> > usbnet_defer_kevent() is not acquiring a dev reference as it should.
> > 
> > Have you considered that path?  
> 
> First of all, the diffstat of the patch shows this is an opportunity
> to reduce LoC as well as simplify and speed up device teardown.
> 
> Second, the approach you're proposing won't work if a driver calls
> netif_carrier_on/off() after unregister_netdev().
> 
> It seems prudent to prevent such a misbehavior in *any* driver,
> not just usbnet.  usbnet may not be the only one doing it wrong.
> Jann pointed out that there are more syzbot reports related
> to a UAF in linkwatch:
> 
> https://lore.kernel.org/netdev/?q=__linkwatch_run_queue+syzbot
> 
> Third, I think an API which schedules work, invisibly to the driver,
> is dangerous and misguided.  If it is illegal to call
> netif_carrier_on/off() for an unregistered but not yet freed netdev,
> catch that in core networking code and don't expect drivers to respect
> a rule which isn't even documented.

Doesn't mean we should make it legal. We can add a warning to catch
abuses.

  parent reply	other threads:[~2022-04-25 14:41 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-17  7:04 [PATCH] net: linkwatch: ignore events for unregistered netdevs Lukas Wunner
2022-04-21  8:02 ` Paolo Abeni
2022-04-23 16:07   ` Lukas Wunner
2022-04-23 19:35     ` Lukas Wunner
2022-04-25 14:41     ` Jakub Kicinski [this message]
2022-04-25 14:49       ` Jann Horn
2022-04-25 15:00         ` Jakub Kicinski
2022-04-25 15:13           ` Eric Dumazet
2022-04-25 15:18             ` Jann Horn
2022-04-25 15:23               ` Eric Dumazet
2022-04-25 17:20               ` Lukas Wunner
2022-04-25 17:24                 ` Eric Dumazet
2022-04-25 15:28             ` Jakub Kicinski
2022-04-25 15:31               ` Eric Dumazet
2022-04-25 15:36                 ` Jakub Kicinski
2022-04-25 21:18       ` Lukas Wunner
2022-04-25 21:39         ` Eric Dumazet
2022-04-30 10:05       ` Lukas Wunner
2022-04-30 10:09         ` Lukas Wunner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220425074146.1fa27d5f@kernel.org \
    --to=kuba@kernel.org \
    --cc=LinoSanfilippo@gmx.de \
    --cc=andrew@lunn.ch \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hkallweit1@gmail.com \
    --cc=jackychou@asix.com.tw \
    --cc=jannh@google.com \
    --cc=linux-usb@vger.kernel.org \
    --cc=lukas@wunner.de \
    --cc=netdev@vger.kernel.org \
    --cc=o.rempel@pengutronix.de \
    --cc=oneukum@suse.com \
    --cc=p.rosenberger@kunbus.com \
    --cc=pabeni@redhat.com \
    --cc=w@1wt.eu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.