[Xenial/Yakkety/Zesty][PATCH] (upstream) bridge: drop netfilter fake rtable unconditionally


Dan Streetman
From: Florian Westphal <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1672470

Andreas reports kernel oops during rmmod of the br_netfilter module.
Hannes debugged the oops down to a NULL rt6info->rt6i_indev.

Problem is that br_netfilter has the nasty concept of adding a fake
rtable to skb->dst; this happens in a br_netfilter prerouting hook.

A second hook (in bridge LOCAL_IN) is supposed to remove these again
before the skb is handed up the stack.

However, on module unload hooks get unregistered which means an
skb could traverse the prerouting hook that attaches the fake_rtable,
while the 'fake rtable remove' hook gets removed from the hooklist
immediately after.

Fixes: 34666d467cbf1e2e3c7 ("netfilter: bridge: move br_netfilter out of the core")
Reported-by: Andreas Karis <[hidden email]>
Debugged-by: Hannes Frederic Sowa <[hidden email]>
Signed-off-by: Florian Westphal <[hidden email]>
Acked-by: Pablo Neira Ayuso <[hidden email]>
Signed-off-by: David S. Miller <[hidden email]>

(cherry-picked from upstream commit a13b2082ece95247779b9995c4e91b4246bed023)
Signed-off-by: Dan Streetman <[hidden email]>
---
 net/bridge/br_input.c           |  1 +
 net/bridge/br_netfilter_hooks.c | 21 ---------------------
 2 files changed, 1 insertion(+), 21 deletions(-)

diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 855b72f..267b46a 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -29,6 +29,7 @@ EXPORT_SYMBOL(br_should_route_hook);
 static int
 br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
+ br_drop_fake_rtable(skb);
  return netif_receive_skb(skb);
 }
 
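Review bot: br_drop_fake_rtable() is now called from br_netif_receive_skb() in br_input.c, but this hunk adds no #include. For each target series (Xenial, Yakkety, Zesty), please confirm the helper is declared in a header that br_input.c already includes and that the call still builds, as a no-op, when br_netfilter support is not configured.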
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 95087e6..fa87fbd 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -521,21 +521,6 @@ static unsigned int br_nf_pre_routing(void *priv,
 }
 
 
-/* PF_BRIDGE/LOCAL_IN ************************************************/
-/* The packet is locally destined, which requires a real
- * dst_entry, so detach the fake one.  On the way up, the
- * packet would pass through PRE_ROUTING again (which already
- * took place when the packet entered the bridge), but we
- * register an IPv4 PRE_ROUTING 'sabotage' hook that will
- * prevent this from happening. */
-static unsigned int br_nf_local_in(void *priv,
-   struct sk_buff *skb,
-   const struct nf_hook_state *state)
-{
- br_drop_fake_rtable(skb);
- return NF_ACCEPT;
-}
-
 /* PF_BRIDGE/FORWARD *************************************************/
 static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
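Review bot: the block comment deleted along with br_nf_local_in() was the only in-tree explanation of why a locally destined packet needs the fake dst_entry detached, and it also documented the IPv4 PRE_ROUTING 'sabotage' hook. Suggest carrying a shortened form of it over to the new br_drop_fake_rtable(skb) call in br_netif_receive_skb() so the reason survives. Since this is a cherry-pick, that is a point to raise upstream rather than a change to make in the backport.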
@@ -908,12 +893,6 @@ static struct nf_hook_ops br_nf_ops[] __read_mostly = {
  .priority = NF_BR_PRI_BRNF,
  },
  {
- .hook = br_nf_local_in,
- .pf = NFPROTO_BRIDGE,
- .hooknum = NF_BR_LOCAL_IN,
- .priority = NF_BR_PRI_BRNF,
- },
- {
  .hook = br_nf_forward_ip,
  .pf = NFPROTO_BRIDGE,
  .hooknum = NF_BR_FORWARD,
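Review bot: with the NF_BR_LOCAL_IN entry removed from br_nf_ops[], the fake rtable is no longer dropped for every skb that traverses that hook point, only for skbs that reach br_netif_receive_skb(). Please confirm in each target tree that no other NF_BR_LOCAL_IN caller hands an skb up the stack through a different finish function after it has passed through br_nf_pre_routing().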
--
2.9.3


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

ACK: [Xenial/Yakkety/Zesty][PATCH] (upstream) bridge: drop netfilter fake rtable unconditionally

Tim Gardner-2
Applied to Zesty


--
Tim Gardner [hidden email]


ACK: [Xenial/Yakkety/Zesty][PATCH] (upstream) bridge: drop netfilter fake rtable unconditionally

Stefan Bader-2
In reply to this post by Dan Streetman




APPLIED [X/Y]: [Xenial/Yakkety/Zesty][PATCH] (upstream) bridge: drop netfilter fake rtable unconditionally

Thadeu Lima de Souza Cascardo-3
In reply to this post by Dan Streetman
Applied to xenial and yakkety master-next branches.

Thanks.
Cascardo.
