Re: [syzbot] [net?] general protection fault in rtnl_create_link

From: Jakub Kicinski
Date: Mon Apr 14 2025 - 13:37:36 EST

Next message: Tejun Heo: "Re: [PATCH v3] rust: workqueue: remove HasWork::OFFSET"
Previous message: Miguel Ojeda: "Re: [PATCH v3] rust: workqueue: remove HasWork::OFFSET"
In reply to: syzbot: "Re: [syzbot] [net?] general protection fault in rtnl_create_link"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 13 Apr 2025 19:30:46 -0700 Kuniyuki Iwashima wrote:
> diff --git a/include/net/netdev_lock.h b/include/net/netdev_lock.h
> index 5706835a660c..270e157a4a79 100644
> --- a/include/net/netdev_lock.h
> +++ b/include/net/netdev_lock.h
> @@ -30,7 +30,8 @@ static inline bool netdev_need_ops_lock(const struct net_device *dev)
> bool ret = dev->request_ops_lock || !!dev->queue_mgmt_ops;
>
> #if IS_ENABLED(CONFIG_NET_SHAPER)
> - ret |= !!dev->netdev_ops->net_shaper_ops;
> + if (dev->netdev_ops)
> + ret |= !!dev->netdev_ops->net_shaper_ops;
> #endif

This is a bit surprising, we pretty much never validate if dev has ops.

I think we're guaranteed that IFF_UP will not be set if we just
allocated the device, so we can remove the locks in rtnl_create_link()
and to double confirm add a netdev_ops_assert_locked_or_invisible()
in netif_state_change() ?

Next message: Tejun Heo: "Re: [PATCH v3] rust: workqueue: remove HasWork::OFFSET"
Previous message: Miguel Ojeda: "Re: [PATCH v3] rust: workqueue: remove HasWork::OFFSET"
In reply to: syzbot: "Re: [syzbot] [net?] general protection fault in rtnl_create_link"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]