Commit 4798cfa2 authored Apr 15, 2025 by Jakub Kicinski

net: don't try to ops lock uninitialized devs



We need to be careful when operating on dev while in rtnl_create_link().
Some devices (vxlan) initialize netdev_ops in ->newlink, so later on.
Avoid using netdev_lock_ops(), the device isn't registered so we
cannot legally call its ops or generate any notifications for it.

netdev_ops_assert_locked_or_invisible() is safe to use, it checks
registration status first.

Reported-by:  <syzbot+de1c7d68a10e3f123bdd@syzkaller.appspotmail.com>
Fixes: 04efcee6 ("net: hold instance lock during NETDEV_CHANGE")
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250415151552.768373-1-kuba@kernel.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 2a5970d5

net/core/dev.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1520,6 +1520,8 @@ EXPORT_SYMBOL(netdev_features_change);

		void netif_state_change(struct net_device *dev)
		{
		netdev_ops_assert_locked_or_invisible(dev);

		if (dev->flags & IFF_UP) {
		struct netdev_notifier_change_info change_info = {
		.info.dev = dev,

net/core/rtnetlink.c

+1 −4

Original line number	Diff line number	Diff line
		@@ -3676,11 +3676,8 @@ struct net_device rtnl_create_link(struct net net, const char *ifname,
		nla_len(tb[IFLA_BROADCAST]));
		if (tb[IFLA_TXQLEN])
		dev->tx_queue_len = nla_get_u32(tb[IFLA_TXQLEN]);
		if (tb[IFLA_OPERSTATE]) {
		netdev_lock_ops(dev);
		if (tb[IFLA_OPERSTATE])
		set_operstate(dev, nla_get_u8(tb[IFLA_OPERSTATE]));
		netdev_unlock_ops(dev);
		}
		if (tb[IFLA_LINKMODE])
		dev->link_mode = nla_get_u8(tb[IFLA_LINKMODE]);
		if (tb[IFLA_GROUP])