OpenVZ Forum: Devel » [PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl

Home » Mailing lists » Devel » [PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl_handler

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

[PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl_handler [message #24842]

Tue, 11 December 2007 10:25

Pavel Emelianov
Messages: 1149
Registered: September 2006

Senior Member

The vlan module cleanup function starts with

	vlan_netlink_fini();
	vlan_ioctl_set(NULL);

The first call removes all the vlan devices and
the second one closes the vlan ioctl.

AFAIS there's a tiny race window between these two
calls - after rtnl unregistered all the vlans, but 
the ioctl handler isn't set to NULL yet, user can 
manage to call this ioctl and create one vlan device, 
and that this function will later BUG_ON seeing 
non-emply hashes.

I think, that we must first close the vlan ioctl
and only after this remove all the vlans with the
vlan_netlink_fini() call.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>

---

diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 5b18315..4add9bd 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -124,8 +124,8 @@ static void __exit vlan_cleanup_module(void)
 {
 	int i;
 
-	vlan_netlink_fini();
 	vlan_ioctl_set(NULL);
+	vlan_netlink_fini();
 
 	/* Un-register us from receiving netdevice events */
 	unregister_netdevice_notifier(&vlan_notifier_block);

Report message to a moderator

Re: [PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl_handler [message #24845 is a reply to message #24842]

Tue, 11 December 2007 10:38

Patrick McHardy
Messages: 107
Registered: March 2006

Senior Member

Pavel Emelyanov wrote:
> The vlan module cleanup function starts with
> 
> 	vlan_netlink_fini();
> 	vlan_ioctl_set(NULL);
> 
> The first call removes all the vlan devices and
> the second one closes the vlan ioctl.
> 
> AFAIS there's a tiny race window between these two
> calls - after rtnl unregistered all the vlans, but 
> the ioctl handler isn't set to NULL yet, user can 
> manage to call this ioctl and create one vlan device, 
> and that this function will later BUG_ON seeing 
> non-emply hashes.

Indeed, I can't see anything preventing this.

> I think, that we must first close the vlan ioctl
> and only after this remove all the vlans with the
> vlan_netlink_fini() call.

That looks correct, thanks Pavel. Dave, please apply.

Report message to a moderator

Re: [PATCH] vlan: fix potential race in vlan_cleanup_module vs vlan_ioctl_handler [message #24846 is a reply to message #24845]

Tue, 11 December 2007 10:41

davem
Messages: 463
Registered: February 2006

Senior Member

From: Patrick McHardy <kaber@trash.net>
Date: Tue, 11 Dec 2007 11:38:38 +0100

> Pavel Emelyanov wrote:
> > AFAIS there's a tiny race window between these two
> > calls - after rtnl unregistered all the vlans, but 
> > the ioctl handler isn't set to NULL yet, user can 
> > manage to call this ioctl and create one vlan device, 
> > and that this function will later BUG_ON seeing 
> > non-emply hashes.
> 
> Indeed, I can't see anything preventing this.
> 
> > I think, that we must first close the vlan ioctl
> > and only after this remove all the vlans with the
> > vlan_netlink_fini() call.
> 
> That looks correct, thanks Pavel. Dave, please apply.

Applied to net-2.6, thanks!

Report message to a moderator

Previous Topic:	[PATCH 2.6.25] netns: struct net content re-work
Next Topic:	[PATCH 2.6.25] UNIX: remove unused declaration of sysctl_unix_max_dgram_qlen (resend, wrong patch wa

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Jul 16 18:52:44 GMT 2024

Total time taken to generate the page: 0.02961 seconds