torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
a413e39a38
linux/net/bridge
History
Hong Zhiguo 716ec052d2 bridge: fix NULL pointer deref of br_port_get_rcu 
The NULL deref happens when br_handle_frame is called between these
2 lines of del_nbp:
	dev->priv_flags &= ~IFF_BRIDGE_PORT;
	/* --> br_handle_frame is called at this time */
	netdev_rx_handler_unregister(dev);

In br_handle_frame the return of br_port_get_rcu(dev) is dereferenced
without check but br_port_get_rcu(dev) returns NULL if:
	!(dev->priv_flags & IFF_BRIDGE_PORT)

Eric Dumazet pointed out the testing of IFF_BRIDGE_PORT is not necessary
here since we're in rcu_read_lock and we have synchronize_net() in
netdev_rx_handler_unregister. So remove the testing of IFF_BRIDGE_PORT
and by the previous patch, make sure br_port_get_rcu is called in
bridging code.

Signed-off-by: Hong Zhiguo <zhiguohong@tencent.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-15 22:03:33 -04:00
..
netfilter PTR_RET is now PTR_ERR_OR_ZERO(): Replace most. 2013-07-15 11:25:01 +09:30
br_device.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
br_fdb.c bridge: Use the correct bit length for bitmap functions in the VLAN code 2013-08-20 23:35:57 -07:00
br_forward.c bridge: Add a flag to control unicast packet flood. 2013-06-11 02:04:32 -07:00
br_if.c bridge: inherit slave devices needed_headroom 2013-08-29 15:17:09 -04:00
br_input.c bridge: separate querier and query timer into IGMP/IPv4 and MLD/IPv6 ones 2013-08-30 15:24:37 -04:00
br_ioctl.c net: Allow userns root to control the network bridge code. 2012-11-18 20:33:00 -05:00
br_mdb.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
br_multicast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
br_netfilter.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
br_netlink.c bridge: use br_port_get_rtnl within rtnl lock 2013-09-15 22:03:33 -04:00
br_notify.c net: convert resend IGMP to notifier event 2013-07-23 16:52:47 -07:00
br_private_stp.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
br_private.h bridge: fix NULL pointer deref of br_port_get_rcu 2013-09-15 22:03:33 -04:00
br_stp_bpdu.c bridge: set priority of STP packets 2013-02-11 14:16:52 -05:00
br_stp_if.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_stp_timer.c bridge: fix race with topology change timer 2013-05-03 16:08:58 -04:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_sysfs_br.c bridge: correct the comment for file br_sysfs_br.c 2013-08-07 10:35:06 -07:00
br_sysfs_if.c bridge: Add a flag to control unicast packet flood. 2013-06-11 02:04:32 -07:00
br_vlan.c bridge: Use the correct bit length for bitmap functions in the VLAN code 2013-08-20 23:35:57 -07:00
br.c net:bridge: use IS_ENABLED 2011-12-16 15:49:52 -05:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00