From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Stephen Hemminger <shemminger@vyatta.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [37/42] bonding: fix error handling if slave is busy (v2)
Date: Tue, 10 Jan 2012 13:48:47 -0800 [thread overview]
Message-ID: <20120110215024.120027597@clark.kroah.org> (raw)
In-Reply-To: <20120110215031.GA19398@kroah.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1834 bytes --]
3.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: stephen hemminger <shemminger@vyatta.com>
commit f7d9821a6a9c83450ac35e76d3709e32fd38b76f upstream.
If slave device already has a receive handler registered, then the
error unwind of bonding device enslave function is broken.
The following will leave a pointer to freed memory in the slave
device list, causing a later kernel panic.
# modprobe dummy
# ip li add dummy0-1 link dummy0 type macvlan
# modprobe bonding
# echo +dummy0 >/sys/class/net/bond0/bonding/slaves
The fix is to detach the slave (which removes it from the list)
in the unwind path.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Reviewed-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/net/bonding/bond_main.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1839,7 +1839,7 @@ int bond_enslave(struct net_device *bond
"but new slave device does not support netpoll.\n",
bond_dev->name);
res = -EBUSY;
- goto err_close;
+ goto err_detach;
}
}
#endif
@@ -1848,7 +1848,7 @@ int bond_enslave(struct net_device *bond
res = bond_create_slave_symlinks(bond_dev, slave_dev);
if (res)
- goto err_close;
+ goto err_detach;
res = netdev_rx_handler_register(slave_dev, bond_handle_frame,
new_slave);
@@ -1869,6 +1869,11 @@ int bond_enslave(struct net_device *bond
err_dest_symlinks:
bond_destroy_slave_symlinks(bond_dev, slave_dev);
+err_detach:
+ write_lock_bh(&bond->lock);
+ bond_detach_slave(bond, new_slave);
+ write_unlock_bh(&bond->lock);
+
err_close:
dev_close(slave_dev);
next prev parent reply other threads:[~2012-01-10 23:00 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-10 21:50 [00/42] 3.1.9-stable review Greg KH
2012-01-10 21:48 ` [01/42] MAINTAINERS: stable: Update address Greg KH
2012-01-10 21:48 ` [02/42] Documentation: Update stable address Greg KH
2012-01-10 21:48 ` [03/42] firmware: Fix an oops on reading fw_priv->fw in sysfs loading file Greg KH
2012-01-10 21:48 ` [04/42] rt2800usb: Move ID out of unknown Greg KH
2012-01-10 21:48 ` [05/42] offb: Fix setting of the pseudo-palette for >8bpp Greg KH
2012-01-10 21:48 ` [06/42] offb: Fix bug in calculating requested vram size Greg KH
2012-01-10 21:48 ` [07/42] wl12xx: Validate FEM index from ini file and FW Greg KH
2012-01-10 21:48 ` [08/42] wl12xx: Check buffer bound when processing nvs data Greg KH
2012-01-10 21:48 ` [09/42] wl12xx: Restore testmode ABI Greg KH
2012-01-10 21:48 ` [10/42] powerpc/time: Handle wrapping of decrementer Greg KH
2012-01-10 21:48 ` [11/42] powerpc: Fix unpaired probe_hcall_entry and probe_hcall_exit Greg KH
2012-01-10 21:48 ` [12/42] asix: new device id Greg KH
2012-01-10 21:48 ` [13/42] IB/qib: Fix a possible data corruption when receiving packets Greg KH
2012-01-10 21:48 ` [14/42] perf: Fix parsing of __print_flags() in TP_printk() Greg KH
2012-01-10 21:48 ` [15/42] reiserfs: Fix quota mount option parsing Greg KH
2012-01-10 21:48 ` [16/42] reiserfs: Force inode evictions before umount to avoid crash Greg KH
2012-01-10 21:48 ` [17/42] ext3: Dont warn from writepage when readonly inode is spotted after error Greg KH
2012-01-10 21:48 ` [18/42] USB: update documentation for usbmon Greg KH
2012-01-10 21:48 ` [19/42] atmel_serial: fix spinlock lockup in RS485 code Greg KH
2012-01-10 21:48 ` [20/42] cgroup: fix to allow mounting a hierarchy by name Greg KH
2012-01-10 21:48 ` [21/42] udf: Fix deadlock when converting file from in-ICB one to normal one Greg KH
2012-01-10 21:48 ` [22/42] drivers/usb/class/cdc-acm.c: clear dangling pointer Greg KH
2012-01-10 21:48 ` [23/42] USB: isight: fix kernel bug when loading firmware Greg KH
2012-01-10 21:48 ` [24/42] usb: usb-storage doesnt support dynamic id currently, the patch disables the feature to fix an oops Greg KH
2012-01-10 21:48 ` [25/42] USB: add quirk for another camera Greg KH
2012-01-10 21:48 ` [26/42] usb: musb: fix pm_runtime mismatch Greg KH
2012-01-10 21:48 ` [27/42] USB: omninet: fix write_room Greg KH
2012-01-10 21:48 ` [28/42] USB: Add USB-ID for Multiplex RC serial adapter to cp210x.c Greg KH
2012-01-10 21:48 ` [29/42] usb: fix number of mapped SG DMA entries Greg KH
2012-01-10 21:48 ` [30/42] xhci: Properly handle COMP_2ND_BW_ERR Greg KH
2012-01-10 21:48 ` [31/42] USB: option: add id for 3G dongle Model VT1000 of Viettel Greg KH
2012-01-10 21:48 ` [32/42] usb: option: add ZD Incorporated HSPA modem Greg KH
2012-01-10 21:48 ` [33/42] usb: ch9: fix up MaxStreams helper Greg KH
2012-01-10 21:48 ` [34/42] OHCI: final fix for NVIDIA problems (I hope) Greg KH
2012-01-10 21:48 ` [35/42] igmp: Avoid zero delay when receiving odd mixture of IGMP queries Greg KH
2012-01-10 21:48 ` [36/42] asix: fix infinite loop in rx_fixup() Greg KH
2012-01-10 21:48 ` Greg KH [this message]
2012-01-10 21:48 ` [38/42] PM / Sleep: Fix race between CPU hotplug and freezer Greg KH
2012-01-10 21:48 ` [39/42] SCSI: mpt2sas: Added missing mpt2sas_base_detach call from scsih_remove context Greg KH
2012-01-10 21:48 ` [40/42] usb: cdc-acm: Fix acm_tty_hangup() vs. acm_tty_close() race Greg KH
2012-01-10 21:48 ` [41/42] xfs: validate acl count Greg KH
2012-01-11 7:41 ` Christoph Hellwig
2012-01-11 15:00 ` Greg KH
2012-01-11 15:05 ` Ben Myers
2012-01-13 16:17 ` Ben Myers
2012-01-13 18:19 ` Greg KH
2012-01-13 19:42 ` Ben Myers
2012-01-13 19:52 ` Greg KH
2012-01-16 15:53 ` Ben Myers
2012-01-16 16:48 ` Greg KH
2012-01-24 16:33 ` Christoph Hellwig
2012-01-24 17:43 ` Ben Myers
2012-01-10 21:48 ` [42/42] xfs: fix acl count validation in xfs_acl_from_disk() Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120110215024.120027597@clark.kroah.org \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=shemminger@vyatta.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).