lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 3 Jul 2015 19:01:31 +0100
From:	Julien Grall <julien.grall@...rix.com>
To:	<stephen@...workplumber.org>, <davem@...emloft.net>,
	<bridge@...ts.linux-foundation.org>, <netdev@...r.kernel.org>
CC:	<xen-devel@...ts.xenproject.org>, <linux-kernel@...r.kernel.org>,
	"Julien Grall" <julien.grall@...rix.com>,
	Bernhard Thaler <bernhard.thaler@...et.at>,
	Pablo Neira Ayuso <pablo@...filter.org>, <fw@...len.de>,
	<ian.campbell@...rix.com>, <wei.liu2@...rix.com>
Subject: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
forward IPv6 fragmented packets" introduced a new function
br_validate_ipv6 which take a reference on the inet6 device. Although,
the reference is not released at the end.

This will result to the impossibility to destroy any netdevice using
ipv6 and bridge.

Spotted while trying to destroy a Xen guest on the upstream Linux:
"unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"

Signed-off-by: Julien Grall <julien.grall@...rix.com>
Cc: Bernhard Thaler <bernhard.thaler@...et.at>
Cc: Pablo Neira Ayuso <pablo@...filter.org>
Cc: fw@...len.de
Cc: ian.campbell@...rix.com
Cc: wei.liu2@...rix.com

---
    Note that it's impossible to create new guest after this message.
    I'm not sure if it's normal.
---
 net/bridge/br_netfilter_ipv6.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 6d12d26..7046e19 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -140,11 +140,16 @@ int br_validate_ipv6(struct sk_buff *skb)
 	/* No IP options in IPv6 header; however it should be
 	 * checked if some next headers need special treatment
 	 */
+
+	in6_dev_put(idev);
+
 	return 0;
 
 inhdr_error:
 	IP6_INC_STATS_BH(dev_net(dev), idev, IPSTATS_MIB_INHDRERRORS);
 drop:
+	in6_dev_put(idev);
+
 	return -1;
 }
 
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists