On Tue, Sep 01, 2020 at 01:01:27PM -0700, David Miller wrote:
From: Rustam Kovhaev <redacted>
Date: Sun, 30 Aug 2020 06:13:36 -0700
quoted
when register_netdevice(dev) fails we should check whether struct
veth_rq has been allocated via ndo_init callback and free it, because,
depending on the code path, register_netdevice() might not call
priv_destructor() callback
Reported-and-tested-by: syzbot+59ef240dd8f0ed7598a8@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=59ef240dd8f0ed7598a8
Signed-off-by: Rustam Kovhaev <redacted>
I think I agree with Toshiaki here. There is no reason why the
rollback_registered() path of register_netdevice() should behave
differently from the normal control flow.
Any code path that invokes ->ndo_uninit() should probably also
invoke the priv destructor.
hi David, thank you for the review!
The question is why does the err_uninit: label of register_netdevice
behave differently from rollback_registered()? If there is a reason,
it should be documented in a comment or similar. If it is wrong,
it should be corrected.
good question, that i do not know, i'll review it