Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit d69efb16891ddfa6c0b527f912a7193054d50281

Authored by Bodo Stroesser
Committed by David S. Miller
1 parent 43af8532ec

bridge: kernel panic when unloading bridge module 

There is a race condition when unloading bridge and netfilter.

The problem happens if __fake_rtable is in use by a skb
coming in, while someone starts to unload bridge.ko.
br_netfilter_fini() is called at the beginning of unload
in br_deinit() while skbs still are being forwarded and
transferred to local ip stack. Thus there is a possibility
of the __fake_rtable pointer not being removed in a skb that
goes up to ip stack. This results in a kernel panic, as
ip_rcv() calls the input-function of __fake_rtable, which
is NULL.

Moving the call of br_netfilter_fini() to the end of
br_deinit() solves the problem.

Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

1 /* 1 /*
2 * Generic parts 2 * Generic parts
3 * Linux ethernet bridge 3 * Linux ethernet bridge
4 * 4 *
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br.c,v 1.47 2001/12/24 00:56:41 davem Exp $ 8 * $Id: br.c,v 1.47 2001/12/24 00:56:41 davem Exp $
9 * 9 *
10 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version. 13 * 2 of the License, or (at your option) any later version.
14 */ 14 */
15 15
16 #include <linux/module.h> 16 #include <linux/module.h>
17 #include <linux/kernel.h> 17 #include <linux/kernel.h>
18 #include <linux/netdevice.h> 18 #include <linux/netdevice.h>
19 #include <linux/etherdevice.h> 19 #include <linux/etherdevice.h>
20 #include <linux/init.h> 20 #include <linux/init.h>
21 #include <linux/llc.h> 21 #include <linux/llc.h>
22 #include <net/llc.h> 22 #include <net/llc.h>
23 23
24 #include "br_private.h" 24 #include "br_private.h"
25 25
26 int (*br_should_route_hook)(struct sk_buff *skb); 26 int (*br_should_route_hook)(struct sk_buff *skb);
27 27
28 static struct llc_sap *br_stp_sap; 28 static struct llc_sap *br_stp_sap;
29 29
30 static int __init br_init(void) 30 static int __init br_init(void)
31 { 31 {
32 int err; 32 int err;
33 33
34 br_stp_sap = llc_sap_open(LLC_SAP_BSPAN, br_stp_rcv); 34 br_stp_sap = llc_sap_open(LLC_SAP_BSPAN, br_stp_rcv);
35 if (!br_stp_sap) { 35 if (!br_stp_sap) {
36 printk(KERN_ERR "bridge: can't register sap for STP\n"); 36 printk(KERN_ERR "bridge: can't register sap for STP\n");
37 return -EADDRINUSE; 37 return -EADDRINUSE;
38 } 38 }
39 39
40 err = br_fdb_init(); 40 err = br_fdb_init();
41 if (err) 41 if (err)
42 goto err_out; 42 goto err_out;
43 43
44 err = br_netfilter_init(); 44 err = br_netfilter_init();
45 if (err) 45 if (err)
46 goto err_out1; 46 goto err_out1;
47 47
48 err = register_netdevice_notifier(&br_device_notifier); 48 err = register_netdevice_notifier(&br_device_notifier);
49 if (err) 49 if (err)
50 goto err_out2; 50 goto err_out2;
51 51
52 err = br_netlink_init(); 52 err = br_netlink_init();
53 if (err) 53 if (err)
54 goto err_out3; 54 goto err_out3;
55 55
56 brioctl_set(br_ioctl_deviceless_stub); 56 brioctl_set(br_ioctl_deviceless_stub);
57 br_handle_frame_hook = br_handle_frame; 57 br_handle_frame_hook = br_handle_frame;
58 58
59 br_fdb_get_hook = br_fdb_get; 59 br_fdb_get_hook = br_fdb_get;
60 br_fdb_put_hook = br_fdb_put; 60 br_fdb_put_hook = br_fdb_put;
61 61
62 return 0; 62 return 0;
63 err_out3: 63 err_out3:
64 unregister_netdevice_notifier(&br_device_notifier); 64 unregister_netdevice_notifier(&br_device_notifier);
65 err_out2: 65 err_out2:
66 br_netfilter_fini(); 66 br_netfilter_fini();
67 err_out1: 67 err_out1:
68 br_fdb_fini(); 68 br_fdb_fini();
69 err_out: 69 err_out:
70 llc_sap_put(br_stp_sap); 70 llc_sap_put(br_stp_sap);
71 return err; 71 return err;
72 } 72 }
73 73
74 static void __exit br_deinit(void) 74 static void __exit br_deinit(void)
75 { 75 {
76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL); 76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL);
77 77
78 br_netlink_fini(); 78 br_netlink_fini();
79 br_netfilter_fini();
80 unregister_netdevice_notifier(&br_device_notifier); 79 unregister_netdevice_notifier(&br_device_notifier);
81 brioctl_set(NULL); 80 brioctl_set(NULL);
82 81
83 br_cleanup_bridges(); 82 br_cleanup_bridges();
84 83
85 synchronize_net(); 84 synchronize_net();
86 85
86 br_netfilter_fini();
87 llc_sap_put(br_stp_sap); 87 llc_sap_put(br_stp_sap);
88 br_fdb_get_hook = NULL; 88 br_fdb_get_hook = NULL;
89 br_fdb_put_hook = NULL; 89 br_fdb_put_hook = NULL;
90 90
91 br_handle_frame_hook = NULL; 91 br_handle_frame_hook = NULL;
92 br_fdb_fini(); 92 br_fdb_fini();
93 } 93 }
94 94
95 EXPORT_SYMBOL(br_should_route_hook); 95 EXPORT_SYMBOL(br_should_route_hook);
96 96
97 module_init(br_init) 97 module_init(br_init)
98 module_exit(br_deinit) 98 module_exit(br_deinit)
99 MODULE_LICENSE("GPL"); 99 MODULE_LICENSE("GPL");
100 MODULE_VERSION(BR_VERSION); 100 MODULE_VERSION(BR_VERSION);