netfilter: bridge: refcount fix

Submitter	Eric Dumazet
Date	Aug. 24, 2009, 5:32 p.m.
Message ID	<4A92CEA4.6020604@gmail.com>
Download	mbox \| patch
Permalink	/patch/31981/
State	Not Applicable
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <4A92CEA4.6020604@gmail.com> Date: Mon, 24 Aug 2009 19:32:20 +0200 From: Eric Dumazet <eric.dumazet@gmail.com> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Patrick McHardy <kaber@trash.net> CC: "David S. Miller" <davem@davemloft.net>, Linux Netdev List <netdev@vger.kernel.org>, Bart De Schuymer <bdschuym@pandora.be> Subject: Re: [PATCH] netfilter: bridge: refcount fix References: <4A92CB67.1080401@gmail.com> <4A92CC71.2000300@trash.net> In-Reply-To: <4A92CC71.2000300@trash.net> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Comments

Eric Dumazet - Aug. 24, 2009, 5:32 p.m.

Patrick McHardy a écrit :
> Eric Dumazet wrote:
>> Hi David
>>
>> I found following by code review only, I am not sure it is critical enough for net-2.6
>>
>> This is a stable candidate, bug is more than 2 years old.
>>
>> Thanks
>>
>> commit f216f082b2b37c4943f1e7c393e2786648d48f6f
>> ([NETFILTER]: bridge netfilter: deal with martians correctly)
>> added a refcount leak on in_dev.
>>
>> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
>> ---
>> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
>> index 4fde742..c62eca3 100644
>> --- a/net/bridge/br_netfilter.c
>> +++ b/net/bridge/br_netfilter.c
>> @@ -386,6 +386,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
>>  				dst_release((struct dst_entry *)rt);
>>  			}
>>  free_skb:
>> +			in_dev_put(in_dev);
>>  			kfree_skb(skb);
>>  			return 0;
> 
> I guess we could simply use __in_dev_get_rcu() here since all
> netfilter hooks are running under rcu_read_lock() anyways.

Ah very good point, Thanks Patrick.

[PATCH] netfilter: bridge: refcount fix

commit f216f082b2b37c4943f1e7c393e2786648d48f6f
([NETFILTER]: bridge netfilter: deal with martians correctly)
added a refcount leak on in_dev.

Instead of using in_dev_get(), we can use __in_dev_get_rcu(),
as netfilter hooks are running under rcu_read_lock(), as pointed
by Patrick.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patrick McHardy - Aug. 24, 2009, 5:38 p.m.

Eric Dumazet wrote:
> [PATCH] netfilter: bridge: refcount fix
> 
> commit f216f082b2b37c4943f1e7c393e2786648d48f6f
> ([NETFILTER]: bridge netfilter: deal with martians correctly)
> added a refcount leak on in_dev.
> 
> Instead of using in_dev_get(), we can use __in_dev_get_rcu(),
> as netfilter hooks are running under rcu_read_lock(), as pointed
> by Patrick.
> 
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> Signed-off-by: Patrick McHardy <kaber@trash.net>

I've applied it to nf-next-2.6.git since its not as EARTH SHATTERING
as I understood Dave would like it to be for consideration for
net-2.6.git :)

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 4fde742..907a82e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -359,7 +359,7 @@  static int br_nf_pre_routing_finish(struct sk_buff *skb)
 				},
 				.proto = 0,
 			};
-			struct in_device *in_dev = in_dev_get(dev);
+			struct in_device *in_dev = __in_dev_get_rcu(dev);
 
 			/* If err equals -EHOSTUNREACH the error is due to a
 			 * martian destination or due to the fact that

Patchwork netfilter: bridge: refcount fix

Comments

Patch