From patchwork Mon Aug 24 17:32:20 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 31981 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@bilbo.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from ozlabs.org (ozlabs.org [203.10.76.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx.ozlabs.org", Issuer "CA Cert Signing Authority" (verified OK)) by bilbo.ozlabs.org (Postfix) with ESMTPS id CE678B7B63 for ; Tue, 25 Aug 2009 03:32:30 +1000 (EST) Received: by ozlabs.org (Postfix) id B712ADDD1B; Tue, 25 Aug 2009 03:32:30 +1000 (EST) Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id 46225DDD0B for ; Tue, 25 Aug 2009 03:32:30 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753028AbZHXRcW (ORCPT ); Mon, 24 Aug 2009 13:32:22 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753012AbZHXRcW (ORCPT ); Mon, 24 Aug 2009 13:32:22 -0400 Received: from gw1.cosmosbay.com ([212.99.114.194]:48813 "EHLO gw1.cosmosbay.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752989AbZHXRcV (ORCPT ); Mon, 24 Aug 2009 13:32:21 -0400 Received: from [127.0.0.1] (localhost [127.0.0.1]) by gw1.cosmosbay.com (8.13.7/8.13.7) with ESMTP id n7OHWKNU023932; Mon, 24 Aug 2009 19:32:20 +0200 Message-ID: <4A92CEA4.6020604@gmail.com> Date: Mon, 24 Aug 2009 19:32:20 +0200 From: Eric Dumazet User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Patrick McHardy CC: "David S. Miller" , Linux Netdev List , Bart De Schuymer Subject: Re: [PATCH] netfilter: bridge: refcount fix References: <4A92CB67.1080401@gmail.com> <4A92CC71.2000300@trash.net> In-Reply-To: <4A92CC71.2000300@trash.net> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (gw1.cosmosbay.com [0.0.0.0]); Mon, 24 Aug 2009 19:32:20 +0200 (CEST) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Patrick McHardy a écrit : > Eric Dumazet wrote: >> Hi David >> >> I found following by code review only, I am not sure it is critical enough for net-2.6 >> >> This is a stable candidate, bug is more than 2 years old. >> >> Thanks >> >> commit f216f082b2b37c4943f1e7c393e2786648d48f6f >> ([NETFILTER]: bridge netfilter: deal with martians correctly) >> added a refcount leak on in_dev. >> >> Signed-off-by: Eric Dumazet >> --- >> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c >> index 4fde742..c62eca3 100644 >> --- a/net/bridge/br_netfilter.c >> +++ b/net/bridge/br_netfilter.c >> @@ -386,6 +386,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) >> dst_release((struct dst_entry *)rt); >> } >> free_skb: >> + in_dev_put(in_dev); >> kfree_skb(skb); >> return 0; > > I guess we could simply use __in_dev_get_rcu() here since all > netfilter hooks are running under rcu_read_lock() anyways. Ah very good point, Thanks Patrick. [PATCH] netfilter: bridge: refcount fix commit f216f082b2b37c4943f1e7c393e2786648d48f6f ([NETFILTER]: bridge netfilter: deal with martians correctly) added a refcount leak on in_dev. Instead of using in_dev_get(), we can use __in_dev_get_rcu(), as netfilter hooks are running under rcu_read_lock(), as pointed by Patrick. Signed-off-by: Eric Dumazet Signed-off-by: Patrick McHardy --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 4fde742..907a82e 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -359,7 +359,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) }, .proto = 0, }; - struct in_device *in_dev = in_dev_get(dev); + struct in_device *in_dev = __in_dev_get_rcu(dev); /* If err equals -EHOSTUNREACH the error is due to a * martian destination or due to the fact that