lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bridge: fix RCU races with bridge port

Browse Source 
The macro br_port_exists() is not enough protection when only
RCU is being used. There is a tiny race where other CPU has cleared port
handler hook, but is bridge port flag might still be set.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
stephen hemminger
2010-11-15 06:38:13 +00:00
committed by David S. Miller
parent 61391cde9e
commit b5ed54e94d
8 changed files with 44 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
net/bridge/netfilter/ebtables.c
View File

@@ -128,6 +128,7 @@ ebt_basic_match(const struct ebt_entry *e, const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out)
{
const struct ethhdr *h = eth_hdr(skb);
const struct net_bridge_port *p;
__be16 ethproto;
int verdict, i;
@@ -148,13 +149,11 @@ ebt_basic_match(const struct ebt_entry *e, const struct sk_buff *skb,
if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
return 1;
/* rcu_read_lock()ed by nf_hook_slow */
if (in && br_port_exists(in) &&
FWINV2(ebt_dev_check(e->logical_in, br_port_get_rcu(in)->br->dev),
EBT_ILOGICALIN))
if (in && (p = br_port_get_rcu(in)) != NULL &&
FWINV2(ebt_dev_check(e->logical_in, p->br->dev), EBT_ILOGICALIN))
return 1;
if (out && br_port_exists(out) &&
FWINV2(ebt_dev_check(e->logical_out, br_port_get_rcu(out)->br->dev),
EBT_ILOGICALOUT))
if (out && (p = br_port_get_rcu(out)) != NULL &&
FWINV2(ebt_dev_check(e->logical_out, p->br->dev), EBT_ILOGICALOUT))
return 1;
if (e->bitmask & EBT_SOURCEMAC) {