review.tizen.org Git - platform/kernel/linux-amlogic.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 13 Mar 2017 16:38:17 +0000 (17:38 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 22 Mar 2017 11:43:34 +0000 (12:43 +0100)
commit	9bce26f224d87cd454ba567eb2e01a6b0252c052
tree	3d5288b66fe96dfb80e4167f62f8361c7e7d5ba8	tree \| snapshot
parent	683100ed45761d56a5d2b3d79919ecdd12f8cbba	commit \| diff

bridge: drop netfilter fake rtable unconditionally

[ Upstream commit a13b2082ece95247779b9995c4e91b4246bed023 ]

Andreas reports kernel oops during rmmod of the br_netfilter module.
Hannes debugged the oops down to a NULL rt6info->rt6i_indev.

Problem is that br_netfilter has the nasty concept of adding a fake
rtable to skb->dst; this happens in a br_netfilter prerouting hook.

A second hook (in bridge LOCAL_IN) is supposed to remove these again
before the skb is handed up the stack.

However, on module unload hooks get unregistered which means an
skb could traverse the prerouting hook that attaches the fake_rtable,
while the 'fake rtable remove' hook gets removed from the hooklist
immediately after.

Fixes: 34666d467cbf1e2e3c7 ("netfilter: bridge: move br_netfilter out of the core")
Reported-by: Andreas Karis <akaris@redhat.com>
Debugged-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/bridge/br_input.c		diff \| blob \| history
net/bridge/br_netfilter_hooks.c		diff \| blob \| history