lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Jul 2019 21:22:30 +0300 From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com> To: netdev@...r.kernel.org Cc: davem@...emloft.net, roopa@...ulusnetworks.com, bridge@...ts.linux-foundation.org, Nikolay Aleksandrov <nikolay@...ulusnetworks.com>, syzbot+88533dc8b582309bf3ee@...kaller.appspotmail.com Subject: [PATCH net] net: bridge: delete local fdbs on device init failure On initialization failure we have to delete all local fdbs which were inserted due to the default pvid. This problem has been present since the inception of default_pvid. Note that currently there are 2 cases: 1) in br_dev_init() when br_multicast_init() fails 2) if register_netdevice() fails after calling ndo_init() This patch takes care of both since br_vlan_flush() is called on both occasions. Also the new fdb delete would be a no-op on normal bridge device destruction since the local fdbs would've been already flushed by br_dev_delete(). This is not an issue for ports since nbp_vlan_init() is called last when adding a port thus nothing can fail after it. Reported-by: syzbot+88533dc8b582309bf3ee@...kaller.appspotmail.com Fixes: 5be5a2df40f0 ("bridge: Add filtering support for default_pvid") Signed-off-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com> --- Tested with the provided reproducer and can no longer trigger the leak. Also tested the br_multicast_init() failure manually by making it always return an error. net/bridge/br_vlan.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 021cc9f66804..3e6a702e4c21 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -715,6 +715,11 @@ void br_vlan_flush(struct net_bridge *br) ASSERT_RTNL(); + /* delete auto-added default pvid local fdbs before flushing vlans + * otherwise these will be leaked on bridge device init failure + */ + br_fdb_delete_by_port(br, NULL, 0, 1); + vg = br_vlan_group(br); __vlan_flush(vg); RCU_INIT_POINTER(br->vlgrp, NULL); -- 2.21.0
Powered by blists - more mailing lists