forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net/bridge
History
Nikolay Aleksandrov 019b1332af bridge: fix br_stp_set_bridge_priority race conditions 
[ Upstream commit 2dab80a8b4 ]

After the ->set() spinlocks were removed br_stp_set_bridge_priority
was left running without any protection when used via sysfs. It can
race with port add/del and could result in use-after-free cases and
corrupted lists. Tested by running port add/del in a loop with stp
enabled while setting priority in a loop, crashes are easily
reproducible.
The spinlocks around sysfs ->set() were removed in commit:
14f98f258f ("bridge: range check STP parameters")
There's also a race condition in the netlink priority support that is
fixed by this change, but it was introduced recently and the fixes tag
covers it, just in case it's needed the commit is:
af615762e9 ("bridge: add ageing_time, stp_state, priority over netlink")

Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Fixes: 14f98f258f ("bridge: range check STP parameters")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-07-10 10:40:20 -07:00
..
netfilter netfilter: Can't fail and free after table replacement 2014-05-30 21:52:11 -07:00
br.c net:bridge: use IS_ENABLED 2011-12-16 15:49:52 -05:00
br_device.c net: vlan: rename NETIF_F_HW_VLAN_* feature flags to NETIF_F_HW_VLAN_CTAG_* 2013-04-19 14:45:26 -04:00
br_fdb.c bridge: Use the correct bit length for bitmap functions in the VLAN code 2013-09-14 06:54:55 -07:00
br_forward.c bridge: Implement vlan ingress/egress policy with PVID. 2013-02-13 19:42:15 -05:00
br_if.c bridge: flush br's address entry in fdb when remove the bridge dev 2013-12-08 07:29:26 -08:00
br_input.c bridge: Fix double free and memory leak around br_allowed_ingress 2014-05-30 21:52:14 -07:00
br_ioctl.c bridge: fix br_stp_set_bridge_priority race conditions 2015-07-10 10:40:20 -07:00
br_mdb.c rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
br_multicast.c bridge: fix multicast router rlist endless loop 2015-07-10 10:40:20 -07:00
br_netfilter.c net: vlan: add protocol argument to packet tagging functions 2013-04-19 14:46:06 -04:00
br_netlink.c bridge: Handle IFLA_ADDRESS correctly when creating bridge device 2014-05-30 21:52:16 -07:00
br_notify.c bridge: respect RFC2863 operational state 2012-12-30 02:31:43 -08:00
br_private.h br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2014-11-21 09:22:54 -08:00
br_private_stp.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-10-13 16:08:29 -07:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2014-11-21 09:22:54 -08:00
br_stp_if.c bridge: fix br_stp_set_bridge_priority race conditions 2015-07-10 10:40:20 -07:00
br_stp_timer.c bridge: fix race with topology change timer 2013-05-03 16:08:58 -04:00
br_sysfs_br.c bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
br_sysfs_if.c bridge: implement multicast fast leave 2012-12-05 16:24:45 -05:00
br_vlan.c bridge: Fix double free and memory leak around br_allowed_ingress 2014-05-30 21:52:14 -07:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00