target/linux/generic/backport-4.14/401-v5.2-leds-trigger-netdev-fix-refcnt-leak-on-interface-ren.patch

   1 From dd7590a3ab3f0804ed5e930295e2caa5979e3958 Mon Sep 17 00:00:00 2001
   2 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
   3 Date: Thu, 28 Feb 2019 22:57:33 +0100
   4 Subject: [PATCH] leds: trigger: netdev: fix refcnt leak on interface rename
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 Renaming a netdev-trigger-tracked interface was resulting in an
  10 unbalanced dev_hold().
  11
  12 Example:
  13 > iw phy phy0 interface add foo type __ap
  14 > echo netdev > trigger
  15 > echo foo > device_name
  16 > ip link set foo name bar
  17 > iw dev bar del
  18 [  237.355366] unregister_netdevice: waiting for bar to become free. Usage count = 1
  19 [  247.435362] unregister_netdevice: waiting for bar to become free. Usage count = 1
  20 [  257.545366] unregister_netdevice: waiting for bar to become free. Usage count = 1
  21
  22 Above problem was caused by trigger checking a dev->name which obviously
  23 changes after renaming an interface. It meant missing all further events
  24 including the NETDEV_UNREGISTER which is required for calling dev_put().
  25
  26 This change fixes that by:
  27 1) Comparing device struct *address* for notification-filtering purposes
  28 2) Dropping unneeded NETDEV_CHANGENAME code (no behavior change)
  29
  30 Fixes: 06f502f57d0d ("leds: trigger: Introduce a NETDEV trigger")
  31 Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  32 Acked-by: Pavel Machek <pavel@ucw.cz>
  33 Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
  34 ---
  35  drivers/leds/trigger/ledtrig-netdev.c | 13 +++++--------
  36  1 file changed, 5 insertions(+), 8 deletions(-)
  37
  38 --- a/drivers/leds/trigger/ledtrig-netdev.c
  39 +++ b/drivers/leds/trigger/ledtrig-netdev.c
  40 @@ -299,11 +299,11 @@ static int netdev_trig_notify(struct not
  41                                                             notifier);
  42
  43         if (evt != NETDEV_UP && evt != NETDEV_DOWN && evt != NETDEV_CHANGE
  44 -           && evt != NETDEV_REGISTER && evt != NETDEV_UNREGISTER
  45 -           && evt != NETDEV_CHANGENAME)
  46 +           && evt != NETDEV_REGISTER && evt != NETDEV_UNREGISTER)
  47                 return NOTIFY_DONE;
  48
  49 -       if (strcmp(dev->name, trigger_data->device_name))
  50 +       if (!(dev == trigger_data->net_dev ||
  51 +             (evt == NETDEV_REGISTER && !strcmp(dev->name, trigger_data->device_name))))
  52                 return NOTIFY_DONE;
  53
  54         cancel_delayed_work_sync(&trigger_data->work);
  55 @@ -318,12 +318,9 @@ static int netdev_trig_notify(struct not
  56                 dev_hold(dev);
  57                 trigger_data->net_dev = dev;
  58                 break;
  59 -       case NETDEV_CHANGENAME:
  60         case NETDEV_UNREGISTER:
  61 -               if (trigger_data->net_dev) {
  62 -                       dev_put(trigger_data->net_dev);
  63 -                       trigger_data->net_dev = NULL;
  64 -               }
  65 +               dev_put(trigger_data->net_dev);
  66 +               trigger_data->net_dev = NULL;
  67                 break;
  68         case NETDEV_UP:
  69         case NETDEV_CHANGE: