linux-uconsole/net/bridge
Jiri Pirko a4ad890a7e br: fix use of ->rx_handler_data in code executed on non-rx_handler path
commit 859828c0ea upstream.

br_stp_rcv() is reached by a non-rx_handler path. That means there is no
guarantee that dev is a bridge port and therefore a simple NULL check of
->rx_handler_data is not enough. There is a need to check if dev is really a
bridge port and, since only the rcu read lock is held here, do it by checking
the ->rx_handler pointer.

Note that synchronize_net() in netdev_rx_handler_unregister() ensures
this approach is valid.

Introduced originally by:
commit f350a0a873
  "bridge: use rx_handler_data pointer to store net_bridge_port pointer"

Fixed but not in the best way by:
commit b5ed54e94d
  "bridge: fix RCU races with bridge port"

Reintroduced by:
commit 716ec052d2
  "bridge: fix NULL pointer deref of br_port_get_rcu"

Please apply to stable trees as well. Thanks.

RH bugzilla reference: https://bugzilla.redhat.com/show_bug.cgi?id=1025770

Reported-by: Laine Stump <laine@redhat.com>
Debugged-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Andrew Collins <bsderandrew@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-21 09:22:54 -08:00
netfilter netfilter: Can't fail and free after table replacement 2014-05-30 21:52:11 -07:00
br.c net:bridge: use IS_ENABLED 2011-12-16 15:49:52 -05:00
br_device.c net: vlan: rename NETIF_F_HW_VLAN_* feature flags to NETIF_F_HW_VLAN_CTAG_* 2013-04-19 14:45:26 -04:00
br_fdb.c bridge: Use the correct bit length for bitmap functions in the VLAN code 2013-09-14 06:54:55 -07:00
br_forward.c bridge: Implement vlan ingress/egress policy with PVID. 2013-02-13 19:42:15 -05:00
br_if.c bridge: flush br's address entry in fdb when remove the bridge dev 2013-12-08 07:29:26 -08:00
br_input.c bridge: Fix double free and memory leak around br_allowed_ingress 2014-05-30 21:52:14 -07:00
br_ioctl.c net: Allow userns root to control the network bridge code. 2012-11-18 20:33:00 -05:00
br_mdb.c rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
br_multicast.c bridge: multicast: add sanity check for query source addresses 2014-04-14 06:42:15 -07:00
br_netfilter.c net: vlan: add protocol argument to packet tagging functions 2013-04-19 14:46:06 -04:00
br_netlink.c bridge: Handle IFLA_ADDRESS correctly when creating bridge device 2014-05-30 21:52:16 -07:00
br_notify.c bridge: respect RFC2863 operational state 2012-12-30 02:31:43 -08:00
br_private.h br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2014-11-21 09:22:54 -08:00
br_private_stp.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-10-13 16:08:29 -07:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2014-11-21 09:22:54 -08:00
br_stp_if.c bridge: Correctly clamp MAX forward_delay when enabling STP 2013-11-04 04:31:03 -08:00
br_stp_timer.c bridge: fix race with topology change timer 2013-05-03 16:08:58 -04:00
br_sysfs_br.c bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
br_sysfs_if.c bridge: implement multicast fast leave 2012-12-05 16:24:45 -05:00
br_vlan.c bridge: Fix double free and memory leak around br_allowed_ingress 2014-05-30 21:52:14 -07:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00