Re: [PATCH] set fake_rtable's dst to NULL to avoid kernel Oops.
From: Stephen Hemminger
Date: Tue Apr 17 2012 - 11:52:52 EST
On Tue, 17 Apr 2012 14:22:26 +0800
"Peter Huang (Peng)" <peter.huangpeng@xxxxxxxxxx> wrote:
> When bridge is deleted before tap/vif device's delete, kernel may encounter an oops because of NULL reference to fake_rtable's dst.
> Set fake_rtable's dst to NULL before sending packets out can solve this problem.
>
>
> Acked-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> Signed-off-by: Peter Huang <peter.huangpeng@xxxxxxxxxx>
> ---
> include/linux/netfilter_bridge.h | 8 ++++++++
> net/bridge/br_forward.c | 1 +
> net/bridge/br_netfilter.c | 6 +-----
> 3 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
> index 0ddd161..70744fe 100644
> --- a/include/linux/netfilter_bridge.h
> +++ b/include/linux/netfilter_bridge.h
> @@ -104,9 +104,17 @@ struct bridge_skb_cb {
> } daddr;
> };
>
> +static inline void br_drop_fake_rtable(struct sk_buff *skb) {
> + struct dst_entry *dst = skb_dst(skb);
> + /* abuse fact that only fake_rtable has DST_NOPEER set */
> + if (dst && (dst->flags & DST_NOPEER))
> + skb_dst_drop(skb);
> +}
This check seems like a disaster waiting to happen when the next
change to DST table happens.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/