• Jiri Bohac's avatar
    bonding: fix a race condition in calls to slave MII ioctls · d9d52832
    Jiri Bohac authored
    In mii monitor mode, bond_check_dev_link() calls the the ioctl
    handler of slave devices. It stores the ndo_do_ioctl function
    pointer to a static (!) ioctl variable and later uses it to call the
    handler with the IOCTL macro.
    
    If another thread executes bond_check_dev_link() at the same time
    (even with a different bond, which none of the locks prevent), a
    race condition occurs. If the two racing slaves have different
    drivers, this may result in one driver's ioctl handler being
    called with a pointer to a net_device controlled with a different
    driver, resulting in unpredictable breakage.
    
    Unless I am overlooking something, the "static" must be a
    copy'n'paste error (?).
    Signed-off-by: default avatarJiri Bohac <jbohac@suse.cz>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    d9d52832
bond_main.c 133 KB