* [bug report] net: fix dev_ifsioc_locked() race condition
@ 2021-02-16 19:38 Dan Carpenter
2021-02-16 19:52 ` Cong Wang
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2021-02-16 19:38 UTC (permalink / raw)
To: cong.wang; +Cc: netdev
Hello Cong Wang,
The patch 3b23a32a6321: "net: fix dev_ifsioc_locked() race condition"
from Feb 11, 2021, leads to the following static checker warning:
drivers/net/tap.c:1095 tap_ioctl()
warn: check that 'sa.sa_family' doesn't leak information
drivers/net/tap.c
1084
1085 case SIOCGIFHWADDR:
1086 rtnl_lock();
1087 tap = tap_get_tap_dev(q);
1088 if (!tap) {
1089 rtnl_unlock();
1090 return -ENOLINK;
1091 }
1092 ret = 0;
1093 dev_get_mac_address(&sa, dev_net(tap->dev), tap->dev->name);
How do you want to handle errors from dev_get_mac_address()?
1094 if (copy_to_user(&ifr->ifr_name, tap->dev->name, IFNAMSIZ) ||
1095 copy_to_user(&ifr->ifr_hwaddr, &sa, sizeof(sa)))
1096 ret = -EFAULT;
1097 tap_put_tap_dev(tap);
1098 rtnl_unlock();
1099 return ret;
1100
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bug report] net: fix dev_ifsioc_locked() race condition
2021-02-16 19:38 [bug report] net: fix dev_ifsioc_locked() race condition Dan Carpenter
@ 2021-02-16 19:52 ` Cong Wang
0 siblings, 0 replies; 2+ messages in thread
From: Cong Wang @ 2021-02-16 19:52 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Cong Wang ., Linux Kernel Network Developers
On Tue, Feb 16, 2021 at 11:40 AM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> Hello Cong Wang,
>
> The patch 3b23a32a6321: "net: fix dev_ifsioc_locked() race condition"
> from Feb 11, 2021, leads to the following static checker warning:
>
> drivers/net/tap.c:1095 tap_ioctl()
> warn: check that 'sa.sa_family' doesn't leak information
>
> drivers/net/tap.c
> 1084
> 1085 case SIOCGIFHWADDR:
> 1086 rtnl_lock();
> 1087 tap = tap_get_tap_dev(q);
> 1088 if (!tap) {
> 1089 rtnl_unlock();
> 1090 return -ENOLINK;
> 1091 }
> 1092 ret = 0;
> 1093 dev_get_mac_address(&sa, dev_net(tap->dev), tap->dev->name);
>
> How do you want to handle errors from dev_get_mac_address()?
I did have a check there but it turns out unnecessary, because the only
error can happen is when the device name is not found, but here
we already have tap->dev, therefore its name is always there and valid.
Thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-02-16 19:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 19:38 [bug report] net: fix dev_ifsioc_locked() race condition Dan Carpenter
2021-02-16 19:52 ` Cong Wang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.