linux-sg2042/net/bridge
Florian Westphal a13b2082ec bridge: drop netfilter fake rtable unconditionally
Andreas reports kernel oops during rmmod of the br_netfilter module.
Hannes debugged the oops down to a NULL rt6info->rt6i_indev.

Problem is that br_netfilter has the nasty concept of adding a fake
rtable to skb->dst; this happens in a br_netfilter prerouting hook.

A second hook (in bridge LOCAL_IN) is supposed to remove these again
before the skb is handed up the stack.

However, on module unload hooks get unregistered which means an
skb could traverse the prerouting hook that attaches the fake_rtable,
while the 'fake rtable remove' hook gets removed from the hooklist
immediately after.

Fixes: 34666d467c ("netfilter: bridge: move br_netfilter out of the core")
Reported-by: Andreas Karis <akaris@redhat.com>
Debugged-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-13 13:01:10 -07:00
..
netfilter lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: per vlan dst_metadata netlink support 2017-02-03 15:21:22 -05:00
br.c netfilter: bridge: clarify bridge/netfilter message 2016-10-02 22:44:03 -04:00
br_device.c bridge: fdb: converge fdb searching functions into one 2017-02-14 12:41:02 -05:00
br_fdb.c bridge: don't indicate expiry on NTF_EXT_LEARNED fdb entries 2017-02-17 13:56:56 -05:00
br_forward.c net: bridge: allow IPv6 when multicast flood is disabled 2017-03-01 20:55:57 -08:00
br_if.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_input.c bridge: drop netfilter fake rtable unconditionally 2017-03-13 13:01:10 -07:00
br_ioctl.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_mdb.c bridge: multicast to unicast 2017-01-24 12:39:52 -05:00
br_multicast.c switchdev: bridge: Offload mc router ports 2017-02-10 11:46:39 -05:00
br_netfilter_hooks.c bridge: drop netfilter fake rtable unconditionally 2017-03-13 13:01:10 -07:00
br_netfilter_ipv6.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
br_netlink.c net: bridge: remove redundant check to see if err is set 2017-02-07 14:04:29 -05:00
br_netlink_tunnel.c bridge: vlan tunnel id info range fill size calc cleanups 2017-02-08 14:39:19 -05:00
br_nf_core.c net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
br_private.h bridge: fdb: add proper lock checks in searching functions 2017-02-14 12:41:03 -05:00
br_private_stp.h net: bridge: add helper to set topology change 2016-12-10 21:27:23 -05:00
br_private_tunnel.h bridge: vlan dst_metadata hooks in ingress and egress paths 2017-02-03 15:21:22 -05:00
br_stp.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_stp_bpdu.c netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
br_stp_if.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_stp_timer.c bridge: move to workqueue gc 2017-02-06 22:53:13 -05:00
br_switchdev.c bridge: switchdev: Add forward mark support for stacked devices 2016-08-26 13:13:36 -07:00
br_sysfs_br.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
br_sysfs_if.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
br_vlan.c bridge: Fix error path in nbp_vlan_init 2017-03-01 14:55:28 -08:00
br_vlan_tunnel.c bridge: vlan_tunnel: explicitly reset metadata attrs to NULL on failure 2017-02-17 13:33:41 -05:00