From patchwork Fri Jun 3 09:39:45 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ido Schimmel
X-Patchwork-Id: 629768
X-Patchwork-Delegate: davem@davemloft.net
From: Ido Schimmel
To: ,
CC: , , , , , , , Ido Schimmel , Florian Westphal
Subject: [PATCH net] bridge: Fix incorrect re-injection of STP packets
Date: Fri, 3 Jun 2016 12:39:45 +0300
Message-ID: <1464946785-7651-1-git-send-email-idosch@mellanox.com>
X-Mailer: git-send-email 2.8.2
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org

Commit 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict") fixed incorrect usage of NF_HOOK's return value by consuming packets in okfn via br_pass_frame_up().
However, this function re-injects packets to the Rx path with skb->dev set to the bridge device, which breaks kernel's STP, as all STP packets appear to originate from the bridge device itself. Instead, if okfn was called for a packet, make bridge's rx_handler re-inject it to the Rx path by returning RX_HANDLER_PASS. This is consistent with previous behavior. Cc: Florian Westphal Fixes: 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict") Reviewed-by: Jiri Pirko Signed-off-by: Ido Schimmel --- net/bridge/br_input.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 1607977..c73ed44 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -223,9 +223,7 @@ static int br_handle_local_finish(struct net *net, struct sock *sk, struct sk_bu if (p->flags & BR_LEARNING && br_should_learn(p, skb, &vid)) br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid, false); - BR_INPUT_SKB_CB(skb)->brdev = p->br->dev; - br_pass_frame_up(skb); - return 0; + return RX_HANDLER_PASS; } /* @@ -238,6 +236,7 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb) struct sk_buff *skb = *pskb; const unsigned char *dest = eth_hdr(skb)->h_dest; br_should_route_hook_t *rhook; + int err; if (unlikely(skb->pkt_type == PACKET_LOOPBACK)) return RX_HANDLER_PASS; @@ -287,8 +286,11 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb) } /* Deliver packet to local host only */ - NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, dev_net(skb->dev), - NULL, skb, skb->dev, NULL, br_handle_local_finish); + err = NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, dev_net(skb->dev), + NULL, skb, skb->dev, NULL, + br_handle_local_finish); + if (err == RX_HANDLER_PASS) + return RX_HANDLER_PASS; return RX_HANDLER_CONSUMED; }
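Review bot: In the first hunk (@@ -223,9 +223,7 @@, br_handle_local_finish), "return RX_HANDLER_PASS;" hands an rx_handler_result_t value back from a function declared "static int" and used as the okfn of NF_HOOK, so the okfn return value is being reused as an "okfn ran" signal for br_handle_frame() without saying so. Please add a comment at the return explaining that the value is only a marker for the caller and that the skb is intentionally not consumed here. A dedicated constant would also be safer than borrowing the rx_handler enum, since the scheme only works if no other return path of NF_HOOK can produce the same number.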
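Review bot: In the second hunk (@@ -238,6 +236,7 @@, br_handle_frame), the new local "int err;" is misnamed for what it holds: it is later compared against RX_HANDLER_PASS, which is a handler result and not an error code. A name such as "ret" would avoid suggesting that a non-zero value means failure.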
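Review bot: In the last hunk (@@ -287,8 +286,11 @@), the new "return RX_HANDLER_PASS;" after NF_HOOK does not write skb back through pskb, although skb is only a local copy taken with "struct sk_buff *skb = *pskb;" at the top of br_handle_frame(). If skb can be replaced anywhere between that assignment and this return, the caller would continue Rx processing on a stale pointer; either set "*pskb = skb;" before returning or state in the commit message why that cannot happen on this path. It would also help to comment that every other NF_HOOK result (hook dropped, queued or stole the packet) falls through to RX_HANDLER_CONSUMED, since that is the use-after-free case the Fixes: commit addressed.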