{"id":806199,"url":"http://patchwork.ozlabs.org/api/1.2/patches/806199/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1503807228-16281-1-git-send-email-roopa@cumulusnetworks.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.2/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1503807228-16281-1-git-send-email-roopa@cumulusnetworks.com>","list_archive_url":null,"date":"2017-08-27T04:13:48","name":"[net] bridge: check for null fdb->dst before notifying switchdev drivers","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"545cde6e1111f8da2f1a6f8e0cbfaa7f82d386fd","submitter":{"id":23500,"url":"http://patchwork.ozlabs.org/api/1.2/people/23500/?format=json","name":"Roopa Prabhu","email":"roopa@cumulusnetworks.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.2/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1503807228-16281-1-git-send-email-roopa@cumulusnetworks.com/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/806199/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/806199/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=cumulusnetworks.com\n\theader.i=@cumulusnetworks.com header.b=\"Fc7K1C1D\"; \n\tdkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xg1kF1g86z9t2k\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSun, 27 Aug 2017 14:14:13 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1750792AbdH0EOA (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tSun, 27 Aug 2017 00:14:00 -0400","from mail-pf0-f170.google.com ([209.85.192.170]:36700 \"EHLO\n\tmail-pf0-f170.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750740AbdH0EN7 (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Sun, 27 Aug 2017 00:13:59 -0400","by mail-pf0-f170.google.com with SMTP id k3so6552339pfc.3\n\tfor <netdev@vger.kernel.org>; Sat, 26 Aug 2017 21:13:58 -0700 (PDT)","from monster-08.mvlab.cumulusnetworks.com.\n\t(fw.cumulusnetworks.com. [216.129.126.126])\n\tby smtp.googlemail.com with ESMTPSA id\n\tn184sm15693663pga.89.2017.08.26.21.13.57\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tSat, 26 Aug 2017 21:13:57 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=cumulusnetworks.com; s=google;\n\th=from:to:cc:subject:date:message-id;\n\tbh=Ow+09V21EFR17htcwejYkd/cwMRPmlFKDirZz8OkYxw=;\n\tb=Fc7K1C1Dn8rHaoZOdX9q5w2hZeGTIVtS94vZa5szqlxJanInGn/M0fpg7YWgJuCF1L\n\tBGZxwUdvjrvO+dMSl222oAVQDIUFIHBdFKBNhYjWQfD2HuD9lYdHoCnTmQ3CPLQp3EbV\n\t6AunK4IMUF8A/fEqgdnaY9ofI42iRP9WdmeN4=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=Ow+09V21EFR17htcwejYkd/cwMRPmlFKDirZz8OkYxw=;\n\tb=cjqBzIH3B2kdKSzoW276xdRFqJVe58CYNS5kFjApWOHlwJL8TxRIuffgjGugyBoXtk\n\trzEyQFQwZ6YFfsu97Fsh8Uq3zDOdvvYJi4dtFsrAL13TLWqCaBSsS4B2UmQpIwsiBRDg\n\tds9nS04hDNKyHw7Z758EfkrJt30Cu6/ocpAO1ILYOTn14yGmkBurE+SUzo9NNTk1Gh+C\n\tWs6RNCrjAyWrR6l1xSoaxNmbmVigJdqm6EnbLwf1RLKT/dtKTUVIwoiBswgILuXKob8G\n\t+7/n80QjEWs9LMi6ekP7z2jTGDet5fy+U+4SKiYXDsxPzjRF6nlJVi9NrYw3dkBaet+E\n\tVWeQ==","X-Gm-Message-State":"AHYfb5isK9KlGaDhDlXg/I8D69/7V/rYds4fCmHYkywx6OsZUhDEbT6E\n\tnNz1J4ZixBOB4aBsVCg=","X-Received":"by 10.99.176.69 with SMTP id z5mr3324896pgo.126.1503807238306;\n\tSat, 26 Aug 2017 21:13:58 -0700 (PDT)","From":"Roopa Prabhu <roopa@cumulusnetworks.com>","X-Google-Original-From":"Roopa Prabhu","To":"davem@davemloft.net","Cc":"netdev@vger.kernel.org, arkadis@mellanox.com","Subject":"[PATCH net] bridge: check for null fdb->dst before notifying\n\tswitchdev drivers","Date":"Sat, 26 Aug 2017 21:13:48 -0700","Message-Id":"<1503807228-16281-1-git-send-email-roopa@cumulusnetworks.com>","X-Mailer":"git-send-email 2.1.4","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"From: Roopa Prabhu <roopa@cumulusnetworks.com>\n\ncurrent switchdev drivers dont seem to support offloading fdb\nentries pointing to the bridge device which have fdb->dst\nnot set to any port. This patch adds a NULL fdb->dst check in\nthe switchdev notifier code.\n\nThis patch fixes the below NULL ptr dereference:\n$bridge fdb add 00:02:00:00:00:33 dev br0 self\n\n[   69.953374] BUG: unable to handle kernel NULL pointer dereference at\n0000000000000008\n[   69.954044] IP: br_switchdev_fdb_notify+0x29/0x80\n[   69.954044] PGD 66527067\n[   69.954044] P4D 66527067\n[   69.954044] PUD 7899c067\n[   69.954044] PMD 0\n[   69.954044]\n[   69.954044] Oops: 0000 [#1] SMP\n[   69.954044] Modules linked in:\n[   69.954044] CPU: 1 PID: 3074 Comm: bridge Not tainted 4.13.0-rc6+ #1\n[   69.954044] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org\n04/01/2014\n[   69.954044] task: ffff88007b827140 task.stack: ffffc90001564000\n[   69.954044] RIP: 0010:br_switchdev_fdb_notify+0x29/0x80\n[   69.954044] RSP: 0018:ffffc90001567918 EFLAGS: 00010246\n[   69.954044] RAX: 0000000000000000 RBX: ffff8800795e0880 RCX:\n00000000000000c0\n[   69.954044] RDX: ffffc90001567920 RSI: 000000000000001c RDI:\nffff8800795d0600\n[   69.954044] RBP: ffffc90001567938 R08: ffff8800795d0600 R09:\n0000000000000000\n[   69.954044] R10: ffffc90001567a88 R11: ffff88007b849400 R12:\nffff8800795e0880\n[   69.954044] R13: ffff8800795d0600 R14: ffffffff81ef8880 R15:\n000000000000001c\n[   69.954044] FS:  00007f93d3085700(0000) GS:ffff88007fd00000(0000)\nknlGS:0000000000000000\n[   69.954044] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   69.954044] CR2: 0000000000000008 CR3: 0000000066551000 CR4:\n00000000000006e0\n[   69.954044] Call Trace:\n[   69.954044]  fdb_notify+0x3f/0xf0\n[   69.954044]  __br_fdb_add.isra.12+0x1a7/0x370\n[   69.954044]  br_fdb_add+0x178/0x280\n[   69.954044]  rtnl_fdb_add+0x10a/0x200\n[   69.954044]  rtnetlink_rcv_msg+0x1b4/0x240\n[   69.954044]  ? skb_free_head+0x21/0x40\n[   69.954044]  ? rtnl_calcit.isra.18+0xf0/0xf0\n[   69.954044]  netlink_rcv_skb+0xed/0x120\n[   69.954044]  rtnetlink_rcv+0x15/0x20\n[   69.954044]  netlink_unicast+0x180/0x200\n[   69.954044]  netlink_sendmsg+0x291/0x370\n[   69.954044]  ___sys_sendmsg+0x180/0x2e0\n[   69.954044]  ? filemap_map_pages+0x2db/0x370\n[   69.954044]  ? do_wp_page+0x11d/0x420\n[   69.954044]  ? __handle_mm_fault+0x794/0xd80\n[   69.954044]  ? vma_link+0xcb/0xd0\n[   69.954044]  __sys_sendmsg+0x4c/0x90\n[   69.954044]  SyS_sendmsg+0x12/0x20\n[   69.954044]  do_syscall_64+0x63/0xe0\n[   69.954044]  entry_SYSCALL64_slow_path+0x25/0x25\n[   69.954044] RIP: 0033:0x7f93d2bad690\n[   69.954044] RSP: 002b:00007ffc7217a638 EFLAGS: 00000246 ORIG_RAX:\n000000000000002e\n[   69.954044] RAX: ffffffffffffffda RBX: 00007ffc72182eac RCX:\n00007f93d2bad690\n[   69.954044] RDX: 0000000000000000 RSI: 00007ffc7217a670 RDI:\n0000000000000003\n[   69.954044] RBP: 0000000059a1f7f8 R08: 0000000000000006 R09:\n000000000000000a\n[   69.954044] R10: 00007ffc7217a400 R11: 0000000000000246 R12:\n00007ffc7217a670\n[   69.954044] R13: 00007ffc72182a98 R14: 00000000006114c0 R15:\n00007ffc72182aa0\n[   69.954044] Code: 1f 00 66 66 66 66 90 55 48 89 e5 48 83 ec 20 f6 47\n20 04 74 0a 83 fe 1c 74 09 83 fe 1d 74 2c c9 66 90 c3 48 8b 47 10 48 8d\n55 e8 <48> 8b 70 08 0f b7 47 1e 48 83 c7 18 48 89 7d f0 bf 03 00 00 00\n[   69.954044] RIP: br_switchdev_fdb_notify+0x29/0x80 RSP:\nffffc90001567918\n[   69.954044] CR2: 0000000000000008\n[   69.954044] ---[ end trace 03e9eec4a82c238b ]---\n\nFixes: 6b26b51b1d13 (\"net: bridge: Add support for notifying devices about FDB add/del\")\nSigned-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>\n---\n net/bridge/br_switchdev.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)","diff":"diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c\nindex 181a44d..f6b1c7d 100644\n--- a/net/bridge/br_switchdev.c\n+++ b/net/bridge/br_switchdev.c\n@@ -115,7 +115,7 @@ br_switchdev_fdb_call_notifiers(bool adding, const unsigned char *mac,\n void\n br_switchdev_fdb_notify(const struct net_bridge_fdb_entry *fdb, int type)\n {\n-\tif (!fdb->added_by_user)\n+\tif (!fdb->added_by_user || !fdb->dst)\n \t\treturn;\n \n \tswitch (type) {\n","prefixes":["net"]}