git.ipfire.org Git - thirdparty/kernel/linux.git/commit

Merge branch 'net-fix-race-of-rtnl_net_lock-dev_net-dev'

Kuniyuki Iwashima says:

====================
net: Fix race of rtnl_net_lock(dev_net(dev)).

Yael Chemla reported that commit 7fb1073300a2 ("net: Hold rtnl_net_lock()
in (un)?register_netdevice_notifier_dev_net().") started to trigger KASAN's
use-after-free splat.

The problem is that dev_net(dev) fetched before rtnl_net_lock() might be
different after rtnl_net_lock().

The patch 2 fixes the issue by checking dev_net(dev) after rtnl_net_lock(),
and the patch 3 fixes the same potential issue that would emerge once RTNL
is removed.

v4: https://lore.kernel.org/20250212064206.18159-1-kuniyu@amazon.com
v3: https://lore.kernel.org/20250211051217.12613-1-kuniyu@amazon.com
v2: https://lore.kernel.org/20250207044251.65421-1-kuniyu@amazon.com
v1: https://lore.kernel.org/20250130232435.43622-1-kuniyu@amazon.com
====================

Link: https://patch.msgid.link/20250217191129.19967-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

author	Jakub Kicinski <kuba@kernel.org>
	Wed, 19 Feb 2025 02:33:31 +0000 (18:33 -0800)
committer	Jakub Kicinski <kuba@kernel.org>
	Wed, 19 Feb 2025 02:33:32 +0000 (18:33 -0800)
commit	a92c3228766429fe175ecc815f895043ea505587
tree	1e47db05f7a5332144f6f601fd7e5c778adb81b6	tree
parent	f6093c5ec74d5cc495f89bd359253d9c738d04d9	commit \| diff
parent	d4c6bfc83936cb61fac99e9891c406fbdd40f964	commit \| diff