sugar/linux
1
0
Fork 0
Code Activity

bonding: fix race condition in bonding_store_slaves_active

Browse Source 
Race between bonding_store_slaves_active() and slave manipulation
 functions. The bond_for_each_slave use in bonding_store_slaves_active()
 is not protected by any synchronization mechanism.
 NULL pointer dereference is easy to reach.
 Fixed by acquiring the bond->lock for the slave walk.

 v2: Make description text < 75 columns

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
nikolay@redhat.com
2012-11-29 01:37:59 +00:00
committed by David S. Miller
parent 90fb6250c5
commit e196c0e579
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/bonding/bond_sysfs.c
View File

@@ -1568,6 +1568,7 @@ static ssize_t bonding_store_slaves_active(struct device *d,
goto out; goto out;
} }
read_lock(&bond->lock);
bond_for_each_slave(bond, slave, i) { bond_for_each_slave(bond, slave, i) {
if (!bond_is_active_slave(slave)) { if (!bond_is_active_slave(slave)) {
if (new_value) if (new_value)
@@ -1576,6 +1577,7 @@ static ssize_t bonding_store_slaves_active(struct device *d,
slave->inactive = 1; slave->inactive = 1;
} }
} }
read_unlock(&bond->lock);
out: out:
return ret; return ret;
} }