iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c484fcc058
linux/drivers
History
Ido Schimmel c484fcc058 bonding: Fix memory leak when changing bond type to Ethernet 
When a net device is put administratively up, its 'IFF_UP' flag is set
(if not set already) and a 'NETDEV_UP' notification is emitted, which
causes the 8021q driver to add VLAN ID 0 on the device. The reverse
happens when a net device is put administratively down.

When changing the type of a bond to Ethernet, its 'IFF_UP' flag is
incorrectly cleared, resulting in the kernel skipping the above process
and VLAN ID 0 being leaked [1].

Fix by restoring the flag when changing the type to Ethernet, in a
similar fashion to the restoration of the 'IFF_SLAVE' flag.

The issue can be reproduced using the script in [2], with example out
before and after the fix in [3].

[1]
unreferenced object 0xffff888103479900 (size 256):
  comm "ip", pid 329, jiffies 4294775225 (age 28.561s)
  hex dump (first 32 bytes):
    00 a0 0c 15 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81a6051a>] kmalloc_trace+0x2a/0xe0
    [<ffffffff8406426c>] vlan_vid_add+0x30c/0x790
    [<ffffffff84068e21>] vlan_device_event+0x1491/0x21a0
    [<ffffffff81440c8e>] notifier_call_chain+0xbe/0x1f0
    [<ffffffff8372383a>] call_netdevice_notifiers_info+0xba/0x150
    [<ffffffff837590f2>] __dev_notify_flags+0x132/0x2e0
    [<ffffffff8375ad9f>] dev_change_flags+0x11f/0x180
    [<ffffffff8379af36>] do_setlink+0xb96/0x4060
    [<ffffffff837adf6a>] __rtnl_newlink+0xc0a/0x18a0
    [<ffffffff837aec6c>] rtnl_newlink+0x6c/0xa0
    [<ffffffff837ac64e>] rtnetlink_rcv_msg+0x43e/0xe00
    [<ffffffff839a99e0>] netlink_rcv_skb+0x170/0x440
    [<ffffffff839a738f>] netlink_unicast+0x53f/0x810
    [<ffffffff839a7fcb>] netlink_sendmsg+0x96b/0xe90
    [<ffffffff8369d12f>] ____sys_sendmsg+0x30f/0xa70
    [<ffffffff836a6d7a>] ___sys_sendmsg+0x13a/0x1e0
unreferenced object 0xffff88810f6a83e0 (size 32):
  comm "ip", pid 329, jiffies 4294775225 (age 28.561s)
  hex dump (first 32 bytes):
    a0 99 47 03 81 88 ff ff a0 99 47 03 81 88 ff ff  ..G.......G.....
    81 00 00 00 01 00 00 00 cc cc cc cc cc cc cc cc  ................
  backtrace:
    [<ffffffff81a6051a>] kmalloc_trace+0x2a/0xe0
    [<ffffffff84064369>] vlan_vid_add+0x409/0x790
    [<ffffffff84068e21>] vlan_device_event+0x1491/0x21a0
    [<ffffffff81440c8e>] notifier_call_chain+0xbe/0x1f0
    [<ffffffff8372383a>] call_netdevice_notifiers_info+0xba/0x150
    [<ffffffff837590f2>] __dev_notify_flags+0x132/0x2e0
    [<ffffffff8375ad9f>] dev_change_flags+0x11f/0x180
    [<ffffffff8379af36>] do_setlink+0xb96/0x4060
    [<ffffffff837adf6a>] __rtnl_newlink+0xc0a/0x18a0
    [<ffffffff837aec6c>] rtnl_newlink+0x6c/0xa0
    [<ffffffff837ac64e>] rtnetlink_rcv_msg+0x43e/0xe00
    [<ffffffff839a99e0>] netlink_rcv_skb+0x170/0x440
    [<ffffffff839a738f>] netlink_unicast+0x53f/0x810
    [<ffffffff839a7fcb>] netlink_sendmsg+0x96b/0xe90
    [<ffffffff8369d12f>] ____sys_sendmsg+0x30f/0xa70
    [<ffffffff836a6d7a>] ___sys_sendmsg+0x13a/0x1e0

[2]
ip link add name t-nlmon type nlmon
ip link add name t-dummy type dummy
ip link add name t-bond type bond mode active-backup

ip link set dev t-bond up
ip link set dev t-nlmon master t-bond
ip link set dev t-nlmon nomaster
ip link show dev t-bond
ip link set dev t-dummy master t-bond
ip link show dev t-bond

ip link del dev t-bond
ip link del dev t-dummy
ip link del dev t-nlmon

[3]
Before:

12: t-bond: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/netlink
12: t-bond: <BROADCAST,MULTICAST,MASTER,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 46:57:39:a4:46:a2 brd ff:ff:ff:ff:ff:ff

After:

12: t-bond: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/netlink
12: t-bond: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 66:48:7b:74:b6:8a brd ff:ff:ff:ff:ff:ff

Fixes: e36b9d16c6 ("bonding: clean muticast addresses when device changes type")
Fixes: 75c78500dd ("bonding: remap muticast addresses without using dev_close() and dev_open()")
Fixes: 9ec7eb60dc ("bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change")
Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Link: https://lore.kernel.org/netdev/78a8a03b-6070-3e6b-5042-f848dab16fb8@alu.unizg.hr/
Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-04-19 08:55:27 +01:00
..
accel accel/ivpu: Fix S3 system suspend when not idle 2023-04-05 09:07:26 +02:00
accessibility
acpi ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530 2023-04-05 20:23:02 +02:00
amba
android Char/Misc and other driver subsystem changes for 6.3-rc1 2023-02-24 12:47:33 -08:00
ata ata: pata_parport: fix memory leaks 2023-03-16 16:54:38 +09:00
atm atm: idt77252: fix kmemleak when rmmod idt77252 2023-03-21 20:19:28 -07:00
auxdisplay
base cacheinfo: Fix LLC is not exported through sysfs 2023-03-29 12:04:10 +02:00
bcma
block virtio: last minute fixes 2023-04-10 13:35:54 -07:00
bluetooth bluetooth: btbcm: Fix logic error in forming the board name. 2023-04-10 10:23:15 -07:00
bus Devicetree fixes for v6.2, part 3: 2023-04-13 15:21:56 -07:00
cdrom
char tpm: disable hwrng for fTPM on some AMD designs 2023-03-12 23:28:10 +02:00
clk clk: k210: remove an implicit 64-bit division 2023-03-06 14:41:20 -08:00
clocksource Updates for timekeeping, timers and clockevent/source drivers: 2023-02-21 09:45:13 -08:00
comedi
connector
counter counter: 104-quad-8: Fix Synapse action reported for Index signals 2023-03-18 09:26:40 -04:00
cpufreq More power management updates for 6.3-rc1 2023-03-03 10:30:58 -08:00
cpuidle cpuidle: psci: Iterate backwards over list in psci_pd_remove() 2023-03-07 14:04:13 +01:00
crypto This push fixes a regression in the caam driver. 2023-03-05 11:32:30 -08:00
cxl Merge branch 'for-6.3/cxl-doe-fixes' into for-6.3/cxl 2023-04-04 15:37:25 -07:00
dax cxl for v6.3 2023-02-25 09:19:23 -08:00
dca
devfreq
dio
dma dmaengine: apple-admac: Fix 'current_tx' not getting freed 2023-03-31 18:17:21 +05:30
dma-buf dma-buf: make kobj_type structure constant 2023-02-17 09:16:34 +01:00
edac - Add a driver for the RAS functionality on Xilinx's on chip memory 2023-02-21 08:10:03 -08:00
eisa
extcon extcon: intel-cht-wc: Add support for Lenovo Yoga Tab 3 Pro YT3-X90F 2023-02-04 13:05:42 +00:00
firewire Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
firmware ARM: SoC fixes for 6.3, part 2 2023-03-24 15:38:13 -07:00
fpga Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
fsi
gnss
gpio gpio fixes for v6.3-rc6 2023-04-07 13:53:16 -07:00
gpu Short summary of fixes pull: 2023-04-13 20:47:58 +02:00
greybus
hid for-linus-2023041201 2023-04-12 17:26:00 -07:00
hsi Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
hte
hv Drivers: vmbus: Check for channel allocation before looking up relids 2023-03-06 15:28:03 +00:00
hwmon hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs 2023-03-21 19:14:55 -07:00
hwspinlock
hwtracing coresight: etm4x: Do not access TRCIDR1 for identification 2023-03-21 12:31:02 +00:00
i2c Devicetree fixes for v6.2, part 3: 2023-04-13 15:21:56 -07:00
i3c I3C for 6.3 2023-02-28 16:05:01 -08:00
idle Power management updates for 6.3-rc1 2023-02-21 12:13:58 -08:00
iio 1st set of IIO fixes for 6.3 2023-03-28 13:30:55 +02:00
infiniband v6.3 RDMA pull request 2023-02-24 15:11:03 -08:00
input Input updates for v6.3-rc4 2023-04-01 14:09:51 -07:00
interconnect interconnect: exynos: drop redundant link destroy 2023-03-13 21:13:48 +02:00
iommu iommufd: Do not corrupt the pfn list when doing batch carry 2023-04-04 09:10:55 -03:00
ipack Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
irqchip ARM: 2023-02-25 11:30:21 -08:00
isdn
leds - Remove Drivers 2023-02-23 15:09:31 -08:00
macintosh powerpc updates for 6.3 2023-02-25 11:00:06 -08:00
mailbox mailbox: qcom-apcs-ipc: add IPQ5332 APSS clock support 2023-02-23 14:47:13 -06:00
mcb
md block-6.3-2023-03-30 2023-03-31 12:35:03 -07:00
media Revert "venus: firmware: Correct non-pix start and end addresses" 2023-04-02 10:47:03 -07:00
memory memory: tegra30-emc: fix interconnect registration race 2023-03-13 21:13:49 +02:00
memstick MMC core: 2023-02-27 09:47:26 -08:00
message
mfd Including fixes from wireless and netfilter. 2023-02-27 14:05:08 -08:00
misc misc: ad525x_dpot-i2c: Convert to i2c's .probe_new() 2023-03-09 21:58:45 +01:00
mmc mmc: dw_mmc-starfive: Fix initialization of prev_err 2023-03-09 15:33:51 +01:00
most
mtd mtd: rawnand: meson: fix bitmask for length in command word 2023-04-03 17:58:01 +02:00
mux
net bonding: Fix memory leak when changing bond type to Ethernet 2023-04-19 08:55:27 +01:00
nfc nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition 2023-03-15 00:28:23 -07:00
ntb
nubus
nvdimm virtio,vhost,vdpa: features, fixes 2023-02-25 11:48:02 -08:00
nvme nvme: fix discard support without oncs 2023-04-05 17:13:17 +02:00
nvmem nvmem: core: return -ENOENT if nvmem cell is not found 2023-03-10 10:55:49 +01:00
of Devicetree fixes for v6.2, part 3: 2023-04-13 15:21:56 -07:00
opp OPP: fix error checking in opp_migrate_dentry() 2023-02-16 13:48:53 +01:00
parisc
parport Char/Misc and other driver subsystem changes for 6.3-rc1 2023-02-24 12:47:33 -08:00
pci pci-v6.3-fixes-2 2023-04-11 11:59:49 -07:00
pcmcia Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
peci
perf RISC-V Patches for the 6.3 Merge Window, Part 2 2023-03-03 09:32:51 -08:00
phy ARM: SoC drivers for 6.3 2023-02-27 10:04:49 -08:00
pinctrl Revert "pinctrl: amd: Disable and mask interrupts on resume" 2023-04-11 22:45:42 +02:00
platform platform-drivers-x86 for v6.3-5 2023-04-06 10:13:23 -07:00
pnp
power power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition 2023-03-12 23:28:04 +01:00
powercap More power management updates for 6.3-rc1 2023-03-03 10:30:58 -08:00
pps
ps3
ptp ptp_qoriq: fix memory leak in probe() 2023-03-24 19:17:22 -07:00
pwm pwm: Zero-initialize the pwm_state passed to driver's .get_state() 2023-03-23 14:44:43 +01:00
rapidio
ras
regulator regulator: Handle deferred clk 2023-03-27 01:42:01 +01:00
remoteproc ARM: SoC drivers for 6.3 2023-02-27 10:04:49 -08:00
reset
rpmsg rpmsg updates for v6.3 2023-02-26 12:10:28 -08:00
rtc RTC for 6.3 2023-03-03 09:15:50 -08:00
s390 s390/vfio-ap: fix memory leak in vfio_ap device driver 2023-03-27 17:23:08 +02:00
sbus mm: replace vma->vm_flags direct modifications with modifier calls 2023-02-09 16:51:39 -08:00
scsi SCSI fixes on 20230407 2023-04-08 11:57:05 -07:00
sh sh updates for v6.3 2023-03-01 09:44:22 -08:00
siox
slimbus
soc soc: qcom: rmtfs: handle optional qcom,vmid correctly 2023-03-06 20:13:06 -08:00
soundwire soundwire updates for 6.3 2023-02-24 17:29:52 -08:00
spi Devicetree fixes for v6.2, part 3: 2023-04-13 15:21:56 -07:00
spmi
ssb
staging staging: r8188eu: delete driver 2023-03-09 10:06:28 +01:00
target scsi: target: iscsi: Fix an error message in iscsi_check_key() 2023-03-06 16:50:42 -05:00
tc
tee AMDTEE fix race condition in amdtee_open_session() 2023-03-17 15:30:31 +01:00
thermal Merge branch 'thermal-intel-fixes' 2023-03-31 12:02:46 +02:00
thunderbolt thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit 2023-03-20 19:00:58 +02:00
tty TTY/Serial driver fixes for 6.3-rc6 2023-04-08 12:17:46 -07:00
ufs scsi: Revert "scsi: ufs: core: Initialize devfreq synchronously" 2023-04-02 21:12:34 -04:00
uio - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
usb usb: cdnsp: Fixes error: uninitialized symbol 'len' 2023-04-05 19:55:04 +02:00
vdpa vdpa_sim_net: complete the initialization before register the device 2023-04-04 14:22:12 -04:00
vfio vfio/mlx5: Fix the report of dirty_bytes upon pre-copy 2023-03-13 12:50:59 -06:00
vhost vhost-scsi: Fix crash during LUN unmapping 2023-04-04 11:01:58 -04:00
video Short summary of fixes pull: 2023-04-13 20:47:58 +02:00
virt virt/coco/sev-guest: Add throttling awareness 2023-03-13 13:29:27 +01:00
virtio virtio,vhost,vdpa: features, fixes 2023-02-25 11:48:02 -08:00
vlynq
w1 w1: ds2482: Convert to i2c's .probe_new() 2023-03-09 21:58:57 +01:00
watchdog linux-watchdog 6.3-rc1 tag 2023-03-02 11:12:01 -08:00
xen xen: branch for v6.3-rc3 2023-03-17 10:45:49 -07:00
zorro
Kconfig
Makefile Kbuild updates for v6.3 2023-02-26 11:53:25 -08:00