iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Ido Schimmel c484fcc058 bonding: Fix memory leak when changing bond type to Ethernet 
When a net device is put administratively up, its 'IFF_UP' flag is set
(if not set already) and a 'NETDEV_UP' notification is emitted, which
causes the 8021q driver to add VLAN ID 0 on the device. The reverse
happens when a net device is put administratively down.

When changing the type of a bond to Ethernet, its 'IFF_UP' flag is
incorrectly cleared, resulting in the kernel skipping the above process
and VLAN ID 0 being leaked [1].

Fix by restoring the flag when changing the type to Ethernet, in a
similar fashion to the restoration of the 'IFF_SLAVE' flag.

The issue can be reproduced using the script in [2], with example out
before and after the fix in [3].

[1]
unreferenced object 0xffff888103479900 (size 256):
  comm "ip", pid 329, jiffies 4294775225 (age 28.561s)
  hex dump (first 32 bytes):
    00 a0 0c 15 81 88 ff ff 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81a6051a>] kmalloc_trace+0x2a/0xe0
    [<ffffffff8406426c>] vlan_vid_add+0x30c/0x790
    [<ffffffff84068e21>] vlan_device_event+0x1491/0x21a0
    [<ffffffff81440c8e>] notifier_call_chain+0xbe/0x1f0
    [<ffffffff8372383a>] call_netdevice_notifiers_info+0xba/0x150
    [<ffffffff837590f2>] __dev_notify_flags+0x132/0x2e0
    [<ffffffff8375ad9f>] dev_change_flags+0x11f/0x180
    [<ffffffff8379af36>] do_setlink+0xb96/0x4060
    [<ffffffff837adf6a>] __rtnl_newlink+0xc0a/0x18a0
    [<ffffffff837aec6c>] rtnl_newlink+0x6c/0xa0
    [<ffffffff837ac64e>] rtnetlink_rcv_msg+0x43e/0xe00
    [<ffffffff839a99e0>] netlink_rcv_skb+0x170/0x440
    [<ffffffff839a738f>] netlink_unicast+0x53f/0x810
    [<ffffffff839a7fcb>] netlink_sendmsg+0x96b/0xe90
    [<ffffffff8369d12f>] ____sys_sendmsg+0x30f/0xa70
    [<ffffffff836a6d7a>] ___sys_sendmsg+0x13a/0x1e0
unreferenced object 0xffff88810f6a83e0 (size 32):
  comm "ip", pid 329, jiffies 4294775225 (age 28.561s)
  hex dump (first 32 bytes):
    a0 99 47 03 81 88 ff ff a0 99 47 03 81 88 ff ff  ..G.......G.....
    81 00 00 00 01 00 00 00 cc cc cc cc cc cc cc cc  ................
  backtrace:
    [<ffffffff81a6051a>] kmalloc_trace+0x2a/0xe0
    [<ffffffff84064369>] vlan_vid_add+0x409/0x790
    [<ffffffff84068e21>] vlan_device_event+0x1491/0x21a0
    [<ffffffff81440c8e>] notifier_call_chain+0xbe/0x1f0
    [<ffffffff8372383a>] call_netdevice_notifiers_info+0xba/0x150
    [<ffffffff837590f2>] __dev_notify_flags+0x132/0x2e0
    [<ffffffff8375ad9f>] dev_change_flags+0x11f/0x180
    [<ffffffff8379af36>] do_setlink+0xb96/0x4060
    [<ffffffff837adf6a>] __rtnl_newlink+0xc0a/0x18a0
    [<ffffffff837aec6c>] rtnl_newlink+0x6c/0xa0
    [<ffffffff837ac64e>] rtnetlink_rcv_msg+0x43e/0xe00
    [<ffffffff839a99e0>] netlink_rcv_skb+0x170/0x440
    [<ffffffff839a738f>] netlink_unicast+0x53f/0x810
    [<ffffffff839a7fcb>] netlink_sendmsg+0x96b/0xe90
    [<ffffffff8369d12f>] ____sys_sendmsg+0x30f/0xa70
    [<ffffffff836a6d7a>] ___sys_sendmsg+0x13a/0x1e0

[2]
ip link add name t-nlmon type nlmon
ip link add name t-dummy type dummy
ip link add name t-bond type bond mode active-backup

ip link set dev t-bond up
ip link set dev t-nlmon master t-bond
ip link set dev t-nlmon nomaster
ip link show dev t-bond
ip link set dev t-dummy master t-bond
ip link show dev t-bond

ip link del dev t-bond
ip link del dev t-dummy
ip link del dev t-nlmon

[3]
Before:

12: t-bond: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/netlink
12: t-bond: <BROADCAST,MULTICAST,MASTER,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 46:57:39:a4:46:a2 brd ff:ff:ff:ff:ff:ff

After:

12: t-bond: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/netlink
12: t-bond: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 66:48:7b:74:b6:8a brd ff:ff:ff:ff:ff:ff

Fixes: e36b9d16c6a6 ("bonding: clean muticast addresses when device changes type")
Fixes: 75c78500ddad ("bonding: remap muticast addresses without using dev_close() and dev_open()")
Fixes: 9ec7eb60dcbc ("bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change")
Reported-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Link: https://lore.kernel.org/netdev/78a8a03b-6070-3e6b-5042-f848dab16fb8@alu.unizg.hr/
Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-04-19 08:55:27 +01:00
..
accel
accel/ivpu: Fix S3 system suspend when not idle
2023-04-05 09:07:26 +02:00
accessibility
acpi
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
2023-04-05 20:23:02 +02:00
amba
android
Char/Misc and other driver subsystem changes for 6.3-rc1
2023-02-24 12:47:33 -08:00
ata
ata: pata_parport: fix memory leaks
2023-03-16 16:54:38 +09:00
atm
atm: idt77252: fix kmemleak when rmmod idt77252
2023-03-21 20:19:28 -07:00
auxdisplay
base
cacheinfo: Fix LLC is not exported through sysfs
2023-03-29 12:04:10 +02:00
bcma
block
virtio: last minute fixes
2023-04-10 13:35:54 -07:00
bluetooth
bluetooth: btbcm: Fix logic error in forming the board name.
2023-04-10 10:23:15 -07:00
bus
Devicetree fixes for v6.2, part 3:
2023-04-13 15:21:56 -07:00
cdrom
char
tpm: disable hwrng for fTPM on some AMD designs
2023-03-12 23:28:10 +02:00
clk
clk: k210: remove an implicit 64-bit division
2023-03-06 14:41:20 -08:00
clocksource
Updates for timekeeping, timers and clockevent/source drivers:
2023-02-21 09:45:13 -08:00
comedi
connector
counter
counter: 104-quad-8: Fix Synapse action reported for Index signals
2023-03-18 09:26:40 -04:00
cpufreq
More power management updates for 6.3-rc1
2023-03-03 10:30:58 -08:00
cpuidle
cpuidle: psci: Iterate backwards over list in psci_pd_remove()
2023-03-07 14:04:13 +01:00
crypto
This push fixes a regression in the caam driver.
2023-03-05 11:32:30 -08:00
cxl
Merge branch 'for-6.3/cxl-doe-fixes' into for-6.3/cxl
2023-04-04 15:37:25 -07:00
dax
cxl for v6.3
2023-02-25 09:19:23 -08:00
dca
devfreq
dio
dma
dmaengine: apple-admac: Fix 'current_tx' not getting freed
2023-03-31 18:17:21 +05:30
dma-buf
dma-buf: make kobj_type structure constant
2023-02-17 09:16:34 +01:00
edac
- Add a driver for the RAS functionality on Xilinx's on chip memory
2023-02-21 08:10:03 -08:00
eisa
extcon
extcon: intel-cht-wc: Add support for Lenovo Yoga Tab 3 Pro YT3-X90F
2023-02-04 13:05:42 +00:00
firewire
Driver core changes for 6.3-rc1
2023-02-24 12:58:55 -08:00
firmware
ARM: SoC fixes for 6.3, part 2
2023-03-24 15:38:13 -07:00
fpga
Driver core changes for 6.3-rc1
2023-02-24 12:58:55 -08:00
fsi
gnss
gpio
gpio fixes for v6.3-rc6
2023-04-07 13:53:16 -07:00
gpu
Short summary of fixes pull:
2023-04-13 20:47:58 +02:00
greybus
hid
for-linus-2023041201
2023-04-12 17:26:00 -07:00
hsi
Driver core changes for 6.3-rc1
2023-02-24 12:58:55 -08:00
hte
hv
Drivers: vmbus: Check for channel allocation before looking up relids
2023-03-06 15:28:03 +00:00
hwmon
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
2023-03-21 19:14:55 -07:00
hwspinlock
hwtracing
coresight: etm4x: Do not access TRCIDR1 for identification
2023-03-21 12:31:02 +00:00
i2c
Devicetree fixes for v6.2, part 3:
2023-04-13 15:21:56 -07:00
i3c
I3C for 6.3
2023-02-28 16:05:01 -08:00
idle
Power management updates for 6.3-rc1
2023-02-21 12:13:58 -08:00
iio
1st set of IIO fixes for 6.3
2023-03-28 13:30:55 +02:00
infiniband
v6.3 RDMA pull request
2023-02-24 15:11:03 -08:00
input
Input updates for v6.3-rc4
2023-04-01 14:09:51 -07:00
interconnect
interconnect: exynos: drop redundant link destroy
2023-03-13 21:13:48 +02:00
iommu
iommufd: Do not corrupt the pfn list when doing batch carry
2023-04-04 09:10:55 -03:00
ipack
Driver core changes for 6.3-rc1
2023-02-24 12:58:55 -08:00
irqchip
ARM:
2023-02-25 11:30:21 -08:00
isdn
leds
- Remove Drivers
2023-02-23 15:09:31 -08:00
macintosh
powerpc updates for 6.3
2023-02-25 11:00:06 -08:00
mailbox
mailbox: qcom-apcs-ipc: add IPQ5332 APSS clock support
2023-02-23 14:47:13 -06:00
mcb
md
block-6.3-2023-03-30
2023-03-31 12:35:03 -07:00
media
Revert "venus: firmware: Correct non-pix start and end addresses"
2023-04-02 10:47:03 -07:00
memory
memory: tegra30-emc: fix interconnect registration race
2023-03-13 21:13:49 +02:00
memstick
MMC core:
2023-02-27 09:47:26 -08:00
message
mfd
Including fixes from wireless and netfilter.
2023-02-27 14:05:08 -08:00
misc
misc: ad525x_dpot-i2c: Convert to i2c's .probe_new()
2023-03-09 21:58:45 +01:00
mmc
mmc: dw_mmc-starfive: Fix initialization of prev_err
2023-03-09 15:33:51 +01:00
most
mtd
mtd: rawnand: meson: fix bitmask for length in command word
2023-04-03 17:58:01 +02:00
mux
net
bonding: Fix memory leak when changing bond type to Ethernet
2023-04-19 08:55:27 +01:00
nfc
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
2023-03-15 00:28:23 -07:00
ntb
nubus
nvdimm
virtio,vhost,vdpa: features, fixes
2023-02-25 11:48:02 -08:00
nvme
nvme: fix discard support without oncs
2023-04-05 17:13:17 +02:00
nvmem
nvmem: core: return -ENOENT if nvmem cell is not found
2023-03-10 10:55:49 +01:00
of
Devicetree fixes for v6.2, part 3:
2023-04-13 15:21:56 -07:00
opp
OPP: fix error checking in opp_migrate_dentry()
2023-02-16 13:48:53 +01:00
parisc
parport
Char/Misc and other driver subsystem changes for 6.3-rc1
2023-02-24 12:47:33 -08:00
pci
pci-v6.3-fixes-2
2023-04-11 11:59:49 -07:00
pcmcia
Driver core changes for 6.3-rc1
2023-02-24 12:58:55 -08:00
peci
perf
RISC-V Patches for the 6.3 Merge Window, Part 2
2023-03-03 09:32:51 -08:00
phy
ARM: SoC drivers for 6.3
2023-02-27 10:04:49 -08:00
pinctrl
Revert "pinctrl: amd: Disable and mask interrupts on resume"
2023-04-11 22:45:42 +02:00
platform
platform-drivers-x86 for v6.3-5
2023-04-06 10:13:23 -07:00
pnp
power
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
2023-03-12 23:28:04 +01:00
powercap
More power management updates for 6.3-rc1
2023-03-03 10:30:58 -08:00
pps
ps3
ptp
ptp_qoriq: fix memory leak in probe()
2023-03-24 19:17:22 -07:00
pwm
pwm: Zero-initialize the pwm_state passed to driver's .get_state()
2023-03-23 14:44:43 +01:00
rapidio
ras
regulator
regulator: Handle deferred clk
2023-03-27 01:42:01 +01:00
remoteproc
ARM: SoC drivers for 6.3
2023-02-27 10:04:49 -08:00
reset
rpmsg
rpmsg updates for v6.3
2023-02-26 12:10:28 -08:00
rtc
RTC for 6.3
2023-03-03 09:15:50 -08:00
s390
s390/vfio-ap: fix memory leak in vfio_ap device driver
2023-03-27 17:23:08 +02:00
sbus
mm: replace vma->vm_flags direct modifications with modifier calls
2023-02-09 16:51:39 -08:00
scsi
SCSI fixes on 20230407
2023-04-08 11:57:05 -07:00
sh
sh updates for v6.3
2023-03-01 09:44:22 -08:00
siox
slimbus
soc
soc: qcom: rmtfs: handle optional qcom,vmid correctly
2023-03-06 20:13:06 -08:00
soundwire
soundwire updates for 6.3
2023-02-24 17:29:52 -08:00
spi
Devicetree fixes for v6.2, part 3:
2023-04-13 15:21:56 -07:00
spmi
ssb
staging
staging: r8188eu: delete driver
2023-03-09 10:06:28 +01:00
target
scsi: target: iscsi: Fix an error message in iscsi_check_key()
2023-03-06 16:50:42 -05:00
tc
tee
AMDTEE fix race condition in amdtee_open_session()
2023-03-17 15:30:31 +01:00
thermal
Merge branch 'thermal-intel-fixes'
2023-03-31 12:02:46 +02:00
thunderbolt
thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit
2023-03-20 19:00:58 +02:00
tty
TTY/Serial driver fixes for 6.3-rc6
2023-04-08 12:17:46 -07:00
ufs
scsi: Revert "scsi: ufs: core: Initialize devfreq synchronously"
2023-04-02 21:12:34 -04:00
uio
- Daniel Verkamp has contributed a memfd series ("mm/memfd: add
2023-02-23 17:09:35 -08:00
usb
usb: cdnsp: Fixes error: uninitialized symbol 'len'
2023-04-05 19:55:04 +02:00
vdpa
vdpa_sim_net: complete the initialization before register the device
2023-04-04 14:22:12 -04:00
vfio
vfio/mlx5: Fix the report of dirty_bytes upon pre-copy
2023-03-13 12:50:59 -06:00
vhost
vhost-scsi: Fix crash during LUN unmapping
2023-04-04 11:01:58 -04:00
video
Short summary of fixes pull:
2023-04-13 20:47:58 +02:00
virt
virt/coco/sev-guest: Add throttling awareness
2023-03-13 13:29:27 +01:00
virtio
virtio,vhost,vdpa: features, fixes
2023-02-25 11:48:02 -08:00
vlynq
w1
w1: ds2482: Convert to i2c's .probe_new()
2023-03-09 21:58:57 +01:00
watchdog
linux-watchdog 6.3-rc1 tag
2023-03-02 11:12:01 -08:00
xen
xen: branch for v6.3-rc3
2023-03-17 10:45:49 -07:00
zorro
Kconfig
Makefile
Kbuild updates for v6.3
2023-02-26 11:53:25 -08:00