From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754536AbbLLESo (ORCPT ); Fri, 11 Dec 2015 23:18:44 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:45665 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751390AbbLLESn (ORCPT ); Fri, 11 Dec 2015 23:18:43 -0500 Message-ID: <1449893906.3836.5.camel@decadent.org.uk> Subject: Re: [PATCH 3.16.y-ckt 009/126] sit: fix sit0 percpu double allocations From: Ben Hutchings To: Eric Dumazet Cc: Steffen Klassert , "David S. Miller" , Luis Henriques , linux-kernel@vger.kernel.org, stable@vger.kernel.org, kernel-team@lists.ubuntu.com Date: Sat, 12 Dec 2015 04:18:26 +0000 In-Reply-To: <1449653896-5236-10-git-send-email-luis.henriques@canonical.com> References: <1449653896-5236-1-git-send-email-luis.henriques@canonical.com> <1449653896-5236-10-git-send-email-luis.henriques@canonical.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-SjtCnxz/AG+2TPYXUmND" X-Mailer: Evolution 3.18.2-1 Mime-Version: 1.0 X-SA-Exim-Connect-IP: 192.168.4.247 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --=-SjtCnxz/AG+2TPYXUmND Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2015-12-09 at 09:36 +0000, Luis Henriques wrote: > 3.16.7-ckt21 -stable review patch.=C2=A0=C2=A0If anyone has any objection= s, > please let me know. >=20 > ------------------ >=20 > From: Eric Dumazet >=20 > commit 4ece9009774596ee3df0acba65a324b7ea79387c upstream. >=20 > sit0 device allocates its percpu storage twice : > - One time in ipip6_tunnel_init() > - One time in ipip6_fb_tunnel_init() >=20 > Thus we leak 48 bytes per possible cpu per network namespace > dismantle. >=20 > ipip6_fb_tunnel_init() can be much simpler and does not > return an error, and should be called after register_netdev() [...] Doesn't this introduce a race condition when sit is a module? =C2=A0There seems to be nothing to prevent access to the partially initialised device after calling register_netdev(), if sit_init_net() is called during module loading rather than during namespace creation. Ben. --=20 Ben Hutchings Knowledge is power. France is bacon. --=-SjtCnxz/AG+2TPYXUmND Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUAVmugEue/yOyVhhEJAQq2RxAAk7gYv8MRjLtM7Y1DbtF3TgFWpXgRNegI K0KrjLIcGf16+YFnhIvZNkj8ThWFvZSTCbh9Cg5GIUbgUxsn20jl1eyFmx+7Dcoa W5fAgpyOq0DYdLs6I6M1mtxvfaec8zL5wcY9iZwCPBagyvn2Q9uh6dOQnGacTb2k De4VhuWqWE4fSnn0Uno2nxEwlRpRTAswAOjTHx2f4753CxkEKoh37ZZDpcXgapXm FBXfJ8iCm5d7HLL+ml634PMjM32UAJ0IWIsZRFDB8xlNyDkPVhZRHtX/sW2uBBn5 rWbHMpGjG3CgMz3xRN6ubIrVyPBbY9kR8a2v/zceGrMPCjJyg4dYSWcFxue8SSHB 5bX0AIubW7o78CKrKv5XYP+aWl/eAt2LCvCsy2ldRjrIMI/i/k3IJ9zKtN/Jrhri RcWzEhAxtYnlZfyjOd/QSBGzzj9uQQBpvcaMstHnpxe+IYdxn85DSiqh1vTYdODQ +Km7jsmk3aduER57O0YGk6LqK23V4LIL8/ZUqMpU7ZDzInc+FLAcNJuUczO1KLOG 3tcCujF0YS4b8PDDI4MKE2UeLUqlbUzDeM+Inzkm1ecQuHlVqO8pLnC4z/m7l3AE 07ozt5rxs9WB2gLpYh8RrOu6/ASEZMMvU+HFhC2yhwwMjQDm8PJphcVlBdQ79EvB JnbaNkwnq8c= =qMrb -----END PGP SIGNATURE----- --=-SjtCnxz/AG+2TPYXUmND--