linux-sg2042/net/bridge
Jiri Pirko 859828c0ea br: fix use of ->rx_handler_data in code executed on non-rx_handler path
br_stp_rcv() is reached by non-rx_handler path. That means there is no
guarantee that dev is bridge port and therefore simple NULL check of
->rx_handler_data is not enough. There is need to check if dev is really
bridge port and since only rcu read lock is held here, do it by checking
->rx_handler pointer.

Note that synchronize_net() in netdev_rx_handler_unregister() ensures
this approach as valid.

Introduced originally by:
commit f350a0a873
  "bridge: use rx_handler_data pointer to store net_bridge_port pointer"

Fixed but not in the best way by:
commit b5ed54e94d
  "bridge: fix RCU races with bridge port"

Reintroduced by:
commit 716ec052d2
  "bridge: fix NULL pointer deref of br_port_get_rcu"

Please apply to stable trees as well. Thanks.

RH bugzilla reference: https://bugzilla.redhat.com/show_bug.cgi?id=1025770

Reported-by: Laine Stump <laine@redhat.com>
Debugged-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-06 15:41:40 -05:00
..
netfilter netfilter: ebt_ip6: fix source and destination matching 2013-11-19 15:33:29 +01:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
br.c net:bridge: use IS_ENABLED 2011-12-16 15:49:52 -05:00
br_device.c Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-14 16:30:30 +09:00
br_fdb.c bridge: Don't use VID 0 and 4095 in vlan filtering 2013-10-18 16:02:52 -04:00
br_forward.c bridge: Add a flag to control unicast packet flood. 2013-06-11 02:04:32 -07:00
br_if.c bridge: flush br's address entry in fdb when remove the 2013-11-20 15:31:11 -05:00
br_input.c bridge: pass correct vlan id to multicast code 2013-10-29 17:40:08 -04:00
br_ioctl.c net: Allow userns root to control the network bridge code. 2012-11-18 20:33:00 -05:00
br_mdb.c Revert "bridge: only expire the mdb entry when query is received" 2013-10-22 14:41:02 -04:00
br_multicast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-04 13:48:30 -05:00
br_netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-11-04 19:46:58 -05:00
br_netlink.c bridge: Don't use VID 0 and 4095 in vlan filtering 2013-10-18 16:02:52 -04:00
br_notify.c net: convert resend IGMP to notifier event 2013-07-23 16:52:47 -07:00
br_private.h br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_stp_if.c bridge: Correctly clamp MAX forward_delay when enabling STP 2013-10-17 16:12:15 -04:00
br_stp_timer.c bridge: fix race with topology change timer 2013-05-03 16:08:58 -04:00
br_sysfs_br.c bridge: correct the comment for file br_sysfs_br.c 2013-08-07 10:35:06 -07:00
br_sysfs_if.c bridge: Add a flag to control unicast packet flood. 2013-06-11 02:04:32 -07:00
br_vlan.c bridge: Call vlan_vid_del for all vids at nbp_vlan_flush 2013-11-14 16:16:34 -05:00