Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / c27bdce2b916b01c27615467c69d357d3426c42f^1..c27bdce2b916b01c27615467c69d357d3426c42f / .
commitc27bdce2b916b01c27615467c69d357d3426c42f[log] [tgz]
authorDavid S. Miller <davem@davemloft.net>Sat Jul 30 21:11:08 2016 -0700
committerDavid S. Miller <davem@davemloft.net>Sat Jul 30 21:11:08 2016 -0700
tree93c36c2d45305788c3c869bd9d636dbaaa3a70f7
parent122e9b71273f9d99ed90d51709674bc69c175fa0 [diff]
parent0759e552bce7257db542e203a01a9ef8843c751e [diff]
Merge branch 'macsec-fixes'

Sabrina Dubroca says:

====================
macsec: reference counting fixes

Patch 1 adds explicit reference counting on RXSCs, instead of the
current implicit reference counting using the RXSA's refcount.

Patch 2 fixes possible kernel panics during module unload caused by an
RCU callback that schedules another RCU callback, which the
rcu_barrier() added in b196c22af5c3 ("macsec: add rcu_barrier() on
module exit") didn't protect against.

Patch 3 fixes a refcounting issue with the underlying device for a
macsec device when link creation fails.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 2d0beb1..d13e6e1 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c

@@ -344,7 +344,6 @@
 
 	crypto_free_aead(sa->key.tfm);
 	free_percpu(sa->stats);
-	macsec_rxsc_put(sa->sc);
 	kfree(sa);
 }
 
@@ -863,6 +862,7 @@
 	struct net_device *dev = skb->dev;
 	struct macsec_dev *macsec = macsec_priv(dev);
 	struct macsec_rx_sa *rx_sa = macsec_skb_cb(skb)->rx_sa;
+	struct macsec_rx_sc *rx_sc = rx_sa->sc;
 	int len, ret;
 	u32 pn;
 
@@ -891,6 +891,7 @@
 
 out:
 	macsec_rxsa_put(rx_sa);
+	macsec_rxsc_put(rx_sc);
 	dev_put(dev);
 }
 
@@ -1106,6 +1107,7 @@
 
 	list_for_each_entry_rcu(macsec, &rxd->secys, secys) {
 		struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci);
+		sc = sc ? macsec_rxsc_get(sc) : NULL;
 
 		if (sc) {
 			secy = &macsec->secy;
@@ -1180,8 +1182,10 @@
 
 	if (IS_ERR(skb)) {
 		/* the decrypt callback needs the reference */
-		if (PTR_ERR(skb) != -EINPROGRESS)
+		if (PTR_ERR(skb) != -EINPROGRESS) {
 			macsec_rxsa_put(rx_sa);
+			macsec_rxsc_put(rx_sc);
+		}
 		rcu_read_unlock();
 		*pskb = NULL;
 		return RX_HANDLER_CONSUMED;
@@ -1197,6 +1201,7 @@
 
 	if (rx_sa)
 		macsec_rxsa_put(rx_sa);
+	macsec_rxsc_put(rx_sc);
 
 	ret = gro_cells_receive(&macsec->gro_cells, skb);
 	if (ret == NET_RX_SUCCESS)
@@ -1212,6 +1217,7 @@
 drop:
 	macsec_rxsa_put(rx_sa);
 drop_nosa:
+	macsec_rxsc_put(rx_sc);
 	rcu_read_unlock();
 drop_direct:
 	kfree_skb(skb);
@@ -1646,7 +1652,7 @@
 
 	rtnl_lock();
 	rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy);
-	if (IS_ERR(rx_sc) || !macsec_rxsc_get(rx_sc)) {
+	if (IS_ERR(rx_sc)) {
 		rtnl_unlock();
 		return PTR_ERR(rx_sc);
 	}
@@ -3173,6 +3179,8 @@
 	if (err < 0)
 		return err;
 
+	dev_hold(real_dev);
+
 	/* need to be already registered so that ->init has run and
 	 * the MAC addr is set
 	 */
@@ -3201,8 +3209,6 @@
 
 	macsec_generation++;
 
-	dev_hold(real_dev);
-
 	return 0;
 
 del_dev: