Bug in bridge interface removal?

From: Erich Schubert
Date: Fri May 14 2004 - 08:48:24 EST

Next message: Erich Schubert: "Re: Bug in bridge interface removal?"
Previous message: viro: "Re: cramfs as initrd still fails in 2.4.27-pre2 [PATCH]"
Next in thread: Erich Schubert: "Re: Bug in bridge interface removal?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, on an embedded system i had a crash when doing the following
(invalid) sequence of commands:
Note that this is an outdated kernel, 2.4.19-uc1 with some
modifications; i'm not sure if this is maybe already fixed.

brctl addbr br0
brctl addbr br1
brctl addif br0 eth0
brctl delif br1 eth0
(causing a kernel crash after a second)

yes, i'm deleting the interface from the wrong bridge. Since this
requires root privileges, this isn't much of an "exploit" or so. But it
takes down the system reliably here (but it is an MMUless ARM, you can
take that one down really easy...)

Having a short look at the source i didn't see any safety measure in
http://lxr.linux.no/source/net/bridge/br_if.c#L254
(Neither in 2.4.x, nor in 2.6.x)

I'd suggest adding the following line to the beginning of br_del_if:

if (dev->br_port->br != br) return -EINVAL;

After adding this line i get
device eth1 is not a slave of br0
instead of the reboot.

Greetings,
Erich

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Erich Schubert: "Re: Bug in bridge interface removal?"
Previous message: viro: "Re: cramfs as initrd still fails in 2.4.27-pre2 [PATCH]"
Next in thread: Erich Schubert: "Re: Bug in bridge interface removal?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]