Hi!
Can someone check this? AFAICT this is buggy.
static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
{
	struct sock *sk = sock->sk;
	struct llc_sock *llc = llc_sk(sk);
	struct llc_sap *sap;
	int rc = -EINVAL;

	if (!sock_flag(sk, SOCK_ZAPPED))
		goto out;
There are 'goto out's from both before dev_get() and after it; dev_put() will be called with a NULL pointer. dev_put() can't handle NULL, at least in the old kernels... this is simply confused.
Mainline has dev_put_track() there, but I see the same confusion.
Best regards,
commit 2d327a79ee17 ("llc: only change llc->dev when bind() succeeds"), https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=2d...
Should be in mainline on Thursday, LMK if we need to accelerate. IDK if anyone enables LLC2.
I'll queue this up now, thanks.
As the changelog says, this needs b37a46683739, otherwise there will be oops-es in even more cases.
Best regards, Pavel
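
The error-path problem raised in the first message of this thread, as an added userspace model (not kernel code and not written by anyone in the thread): a single cleanup label reached from both before and after the reference is taken, next to a variant with one label per acquired resource. All names (`model_dev`, `autobind_confused`, `autobind_split`, `null_puts`) are hypothetical, and the model counts a put on NULL instead of crashing so the two paths can be compared.

```c
#include <errno.h>
#include <stddef.h>
/* Userspace model; every name here is a hypothetical stand-in, not kernel code. */
struct model_dev { int refcnt; };
static int null_puts; /* puts on NULL: where a put that is not NULL-safe would oops */

static struct model_dev *model_dev_get(struct model_dev *d) { d->refcnt++; return d; }
static void model_dev_put(struct model_dev *d)
{
	if (!d) { null_puts++; return; } /* record the event instead of dereferencing */
	d->refcnt--;
}

/* One cleanup label shared by exits taken before and after the get. */
static int autobind_confused(struct model_dev *d, int zapped, int sap_ok)
{
	struct model_dev *held = NULL;
	int rc = -EINVAL;

	if (!zapped)
		goto out;            /* nothing is held yet */
	held = model_dev_get(d);
	rc = -EBUSY;
	if (!sap_ok)
		goto out;            /* a reference is held and must be dropped */
	return 0;                /* success: the caller keeps the reference */
out:
	model_dev_put(held);     /* receives NULL on the early exit */
	return rc;
}

/* Early exit returns directly; the put label is reachable only after the get. */
static int autobind_split(struct model_dev *d, int zapped, int sap_ok)
{
	struct model_dev *held;

	if (!zapped)
		return -EINVAL;
	held = model_dev_get(d);
	if (!sap_ok)
		goto out_put;
	return 0;
out_put:
	model_dev_put(held);
	return -EBUSY;
}

int main(void)
{
	struct model_dev d = { 0 };
	autobind_confused(&d, 0, 1);
	return null_puts == 1 ? 0 : 1; /* exit 0 when the NULL put was observed */
}
```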