[PATCH net-next V2] tuntap: fix possible deadlock when fail to register netdev

From: Jason Wang
Date: Thu Dec 07 2017 - 23:02:47 EST


Private destructor could be called when register_netdev() fails with
rtnl lock held. This will lead to deadlock in tun_free_netdev(), which tries
to hold rtnl_lock. Fix this by switching to use spinlock to
synchronize.

Fixes: 96f84061620c ("tun: add eBPF based queue selection method")
Reported-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Cc: Willem de Bruijn <willemb@xxxxxxxxxx>
Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
---
drivers/net/tun.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 787cc35..8d85163 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -2050,8 +2050,11 @@ static int __tun_set_steering_ebpf(struct tun_struct *tun,
new->prog = prog;
}

- old = rtnl_dereference(tun->steering_prog);
+ spin_lock_bh(&tun->lock);
+ old = rcu_dereference_protected(tun->steering_prog,
+ lockdep_is_held(&tun->lock));
rcu_assign_pointer(tun->steering_prog, new);
+ spin_unlock_bh(&tun->lock);

if (old)
call_rcu(&old->rcu, tun_steering_prog_free);
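Review bot: Missing documentation at the spin_lock_bh(&tun->lock) call in __tun_set_steering_ebpf(): the writer-side protection of tun->steering_prog moves from rtnl to tun->lock (see lockdep_is_held(&tun->lock)), but nothing in the code records that. A one-line comment here, or at the field's declaration, stating that tun->lock serialises updates of steering_prog would keep later changes from reintroducing rtnl_dereference() on this pointer. The commit message also does not say why the _bh variant is needed rather than plain spin_lock(); a sentence on which context contends for tun->lock would make that choice reviewable.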
@@ -2067,9 +2070,7 @@ static void tun_free_netdev(struct net_device *dev)
free_percpu(tun->pcpu_stats);
tun_flow_uninit(tun);
security_tun_dev_free_security(tun->security);
- rtnl_lock();
__tun_set_steering_ebpf(tun, NULL);
- rtnl_unlock();
}

static void tun_setup(struct net_device *dev)
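Review bot: In tun_free_netdev(), the now bare call __tun_set_steering_ebpf(tun, NULL) carries a locking constraint that is only explained in the commit message: this destructor can run with rtnl already held when register_netdev() fails, so it must not take rtnl itself. A short comment above the call saying that the helper takes tun->lock internally and that rtnl must not be acquired here would stop the rtnl_lock()/rtnl_unlock() pair from being added back by a later cleanup.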
--
2.7.4