• Patrick McHardy's avatar
    [NET]: rtnl_link: fix use-after-free · 68365458
    Patrick McHardy authored
    When unregistering the rtnl_link_ops, all existing devices using
    the ops are destroyed. With nested devices this may lead to a
    use-after-free despite the use of for_each_netdev_safe() in case
    the upper device is next in the device list and is destroyed
    by the NETDEV_UNREGISTER notifier.
    
    The easy fix is to restart scanning the device list after removing
    a device. Alternatively we could add new devices to the front of
    the list to avoid having dependant devices follow the device they
    depend on. A third option would be to only restart scanning if
    dev->iflink of the next device matches dev->ifindex of the current
    one. For now this seems like the safest solution.
    
    With this patch, the veth rtnl_link_ops unregistration can use
    rtnl_link_unregister() directly since it now also handles destruction
    of multiple devices at once.
    Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    68365458
veth.c 9.24 KB