| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1436460967.24939.44.camel@edumazet-glaptop2.roam.corp.google.com>
Date: Thu, 09 Jul 2015 18:56:07 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Bob Liu <bob.liu@...cle.com>, David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: [PATCH net] bridge: fix potential crash in __netdev_pick_tx()
From: Eric Dumazet <edumazet@...gle.com>
Commit c29390c6dfee ("xps: must clear sender_cpu before forwarding")
fixed an issue in normal forward path, caused by sender_cpu & napi_id
skb fields being an union.
Bridge is another point where skb can be forwarded, so we need
the same cure.
Bug triggers if packet was received on a NIC using skb_mark_napi_id()
Fixes: 2bd82484bb4c ("xps: fix xps for stacked devices")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Bob Liu <bob.liu@...cle.com>
Tested-by: Bob Liu <bob.liu@...cle.com>
---
net/bridge/br_forward.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index e97572b5d2cc..0ff6e1bbca91 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -42,6 +42,7 @@ int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb)
} else {
skb_push(skb, ETH_HLEN);
br_drop_fake_rtable(skb);
+ skb_sender_cpu_clear(skb);
dev_queue_xmit(skb);
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists