On Thu, Jan 5, 2017 at 12:17 PM, David Miller <da...@davemloft.net> wrote: > From: Michael Chan <michael.c...@broadcom.com> > Date: Thu, 5 Jan 2017 12:04:13 -0800 > >> But it looks like ndo_get_stats() can be called without rtnl lock from >> net-procfs.c. So it is possible that we'll read tp->hw_stats after it >> has been freed. For example, if we are reading /proc/net/dev and >> closing tg3 at the same time. David, is not taking rtnl_lock in >> net-procfs.c by design? > > Probably not, that dev_get_stats() call probably should be surrounded > by RTNL protection. > > Doing a quick grep on dev_get_stats() shows other call sites, most of > which are using it to fetch slave device statistics from the get stats > method of the parent. Which should be ok. > > It appears that the vlan procfs code in net/8021q/vlanproc.c has a > similar bug as net/core/net-procfs.c > > Maybe net/core/net-sysfs.c has the same issue as well, and perhaps also > net/openvswitch/vport.c:ovs_vport_get_stats(). >
OK. I will send a patch later today to add rtnl_lock to these callers.
