[PATCH 4.1 142/159] bridge: netlink: fix slave_changelink/br_setport race conditions

From: Greg Kroah-Hartman
Date: Sat Sep 26 2015 - 17:19:17 EST

4.1-stable review patch. If anyone has any objections, please let me know.


From: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx>

[ Upstream commit 963ad94853000ab100f5ff19eea80095660d41b4 ]

Since slave_changelink support was added there have been a few race
conditions when using br_setport() since some of the port functions it
uses require the bridge lock. It is very easy to trigger a lockup due to
some internal spin_lock() usage without bh disabled, also it's possible to
get the bridge into an inconsistent state.

Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx>
Fixes: 3ac636b8591c ("bridge: implement rtnl_link_ops->slave_changelink")
Reviewed-by: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
net/bridge/br_netlink.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -711,9 +711,17 @@ static int br_port_slave_changelink(stru
struct nlattr *tb[],
struct nlattr *data[])
+ struct net_bridge *br = netdev_priv(brdev);
+ int ret;
if (!data)
return 0;
- return br_setport(br_port_get_rtnl(dev), data);
+ spin_lock_bh(&br->lock);
+ ret = br_setport(br_port_get_rtnl(dev), data);
+ spin_unlock_bh(&br->lock);
+ return ret;

static int br_port_fill_slave_info(struct sk_buff *skb,

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/