Commit f12b69d
batman-adv: Release references to inactive interfaces
Trying to dump the originators or the neighbors via netlink for a meshif
with an inactive primary interface is not allowed. The dump functions were
checking this correctly but they didn't handle non-existing primary
interfaces and existing _inactive_ interfaces differently.
(Primary) batadv_hard_ifaces hold a references to a net_device. And
accessing them is only allowed when either being in a RCU/spinlock
protected section or when holding a valid reference to them. The netlink
dump functions use the latter.
But because the missing specific error handling for inactive primary
interfaces, the reference was never dropped. This reference counting error
was only detected when the interface should have been removed from the
system:
unregister_netdevice: waiting for batadv_slave_0 to become free. Usage count = 2
Cc: stable@vger.kernel.org
Fixes: 6ecc4fd ("batman-adv: netlink: reduce duplicate code by returning interfaces")
Reported-by: syzbot+881d65229ca4f9ae8c84@syzkaller.appspotmail.com
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>1 parent d69eb20 commit f12b69d
1 file changed
Lines changed: 12 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
764 | 764 | | |
765 | 765 | | |
766 | 766 | | |
767 | | - | |
| 767 | + | |
768 | 768 | | |
769 | 769 | | |
770 | 770 | | |
771 | 771 | | |
| 772 | + | |
| 773 | + | |
| 774 | + | |
| 775 | + | |
| 776 | + | |
772 | 777 | | |
773 | 778 | | |
774 | 779 | | |
| |||
1333 | 1338 | | |
1334 | 1339 | | |
1335 | 1340 | | |
1336 | | - | |
| 1341 | + | |
1337 | 1342 | | |
1338 | 1343 | | |
1339 | 1344 | | |
1340 | 1345 | | |
| 1346 | + | |
| 1347 | + | |
| 1348 | + | |
| 1349 | + | |
| 1350 | + | |
1341 | 1351 | | |
1342 | 1352 | | |
1343 | 1353 | | |
| |||
0 commit comments