lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Apr 2012 14:22:26 +0800 From: "Peter Huang (Peng)" <peter.huangpeng@...wei.com> To: shemminger@...tta.com, "'David S. Miller'" <davem@...emloft.net>, netdev@...r.kernel.org Cc: eric.dumazet@...il.com, linux-kernel@...r.kernel.org, ctrix+debianbugs@...ynet.it, peter.huangpeng@...wei.com, peter.huangpeng@...il.com, harry.majun@...wei.com Subject: [PATCH] set fake_rtable's dst to NULL to avoid kernel Oops. When bridge is deleted before tap/vif device's delete, kernel may encounter an oops because of NULL reference to fake_rtable's dst. Set fake_rtable's dst to NULL before sending packets out can solve this problem. Acked-by: Eric Dumazet <eric.dumazet@...il.com> Signed-off-by: Peter Huang <peter.huangpeng@...wei.com> --- include/linux/netfilter_bridge.h | 8 ++++++++ net/bridge/br_forward.c | 1 + net/bridge/br_netfilter.c | 6 +----- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index 0ddd161..70744fe 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h @@ -104,9 +104,17 @@ struct bridge_skb_cb { } daddr; }; +static inline void br_drop_fake_rtable(struct sk_buff *skb) { + struct dst_entry *dst = skb_dst(skb); + /* abuse fact that only fake_rtable has DST_NOPEER set */ + if (dst && (dst->flags & DST_NOPEER)) + skb_dst_drop(skb); +} + #else #define nf_bridge_maybe_copy_header(skb) (0) #define nf_bridge_pad(skb) (0) +#define br_drop_fake_rtable(skb) (0) #endif /* CONFIG_BRIDGE_NETFILTER */ #endif /* __KERNEL__ */ diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index 61f6534..a2098e3 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -47,6 +47,7 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) kfree_skb(skb); } else { skb_push(skb, ETH_HLEN); + br_drop_fake_rtable(skb); dev_queue_xmit(skb); } diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index dec4f38..946dcb0 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -694,11 +694,7 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - struct rtable *rt = skb_rtable(skb); - - if (rt && rt == bridge_parent_rtable(in)) - skb_dst_drop(skb); - + br_drop_fake_rtable(skb); return NF_ACCEPT; } -------------------------------- Peter Huang(peng) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists