首页 发现 帮助
注册 登录
phyus
/
linux-vybrid_public
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

set fake_rtable's dst to NULL to avoid kernel Oops

bridge: set fake_rtable's dst to NULL to avoid kernel Oops

when bridge is deleted before tap/vif device's delete, kernel may
encounter an oops because of NULL reference to fake_rtable's dst.
Set fake_rtable's dst to NULL before sending packets out can solve
this problem.

v4 reformat, change br_drop_fake_rtable(skb) to {}

v3 enrich commit header

v2 introducing new flag DST_FAKE_RTABLE to dst_entry struct.

[ Use "do { } while (0)" for nop br_drop_fake_rtable()
  implementation -DaveM ]

Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Peter Huang <peter.huangpeng@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Huang (Peng) 13 年之前
父节点
4d634ca35a
当前提交
a881e963c7
共有 4 个文件被更改,包括 13 次插入6 次删除
合并视图 显示文件统计
  1. 9 0
      include/linux/netfilter_bridge.h
  2. 1 0
      include/net/dst.h
  3. 1 0
      net/bridge/br_forward.c
  4. 2 6
      net/bridge/br_netfilter.c

+ 9 - 0
include/linux/netfilter_bridge.h
查看文件 

@@ -104,9 +104,18 @@ struct bridge_skb_cb {
 
 	} daddr;
 
 	} daddr;
 
 };
 
 };
 
 
 
+static inline void br_drop_fake_rtable(struct sk_buff *skb)
 
+{
 
+	struct dst_entry *dst = skb_dst(skb);
 
+
 
+	if (dst && (dst->flags & DST_FAKE_RTABLE))
 
+		skb_dst_drop(skb);
 
+}
 
+
 
 #else
 
 #else
 
 #define nf_bridge_maybe_copy_header(skb)	(0)
 
 #define nf_bridge_maybe_copy_header(skb)	(0)
 
 #define nf_bridge_pad(skb)			(0)
 
 #define nf_bridge_pad(skb)			(0)
 
+#define br_drop_fake_rtable(skb)	        do { } while (0)
 
 #endif /* CONFIG_BRIDGE_NETFILTER */
 
 #endif /* CONFIG_BRIDGE_NETFILTER */
 
 
 
 #endif /* __KERNEL__ */
 
 #endif /* __KERNEL__ */

+ 1 - 0
include/net/dst.h
查看文件 

@@ -59,6 +59,7 @@ struct dst_entry {
 
 #define DST_NOCACHE		0x0010
 
 #define DST_NOCACHE		0x0010
 
 #define DST_NOCOUNT		0x0020
 
 #define DST_NOCOUNT		0x0020
 
 #define DST_NOPEER		0x0040
 
 #define DST_NOPEER		0x0040
 
+#define DST_FAKE_RTABLE		0x0080
 
 
 
 	short			error;
 
 	short			error;
 
 	short			obsolete;
 
 	short			obsolete;

+ 1 - 0
net/bridge/br_forward.c
查看文件 

@@ -47,6 +47,7 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
 
 		kfree_skb(skb);
 
 		kfree_skb(skb);
 
 	} else {
 
 	} else {
 
 		skb_push(skb, ETH_HLEN);
 
 		skb_push(skb, ETH_HLEN);
 
+		br_drop_fake_rtable(skb);
 
 		dev_queue_xmit(skb);
 
 		dev_queue_xmit(skb);
 
 	}
 
 	}

+ 2 - 6
net/bridge/br_netfilter.c
查看文件 

@@ -156,7 +156,7 @@ void br_netfilter_rtable_init(struct net_bridge *br)
 
 	rt->dst.dev = br->dev;
 
 	rt->dst.dev = br->dev;
 
 	rt->dst.path = &rt->dst;
 
 	rt->dst.path = &rt->dst;
 
 	dst_init_metrics(&rt->dst, br_dst_default_metrics, true);
 
 	dst_init_metrics(&rt->dst, br_dst_default_metrics, true);
 
-	rt->dst.flags	= DST_NOXFRM | DST_NOPEER;
 
+	rt->dst.flags	= DST_NOXFRM | DST_NOPEER | DST_FAKE_RTABLE;
 
 	rt->dst.ops = &fake_dst_ops;
 
 	rt->dst.ops = &fake_dst_ops;
 
 }
 
 }
 
 
 
@@ -694,11 +694,7 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
 
 				   const struct net_device *out,
 
 				   const struct net_device *out,
 
 				   int (*okfn)(struct sk_buff *))
 
 				   int (*okfn)(struct sk_buff *))
 
 {
 
 {
 
-	struct rtable *rt = skb_rtable(skb);
 
-
 
-	if (rt && rt == bridge_parent_rtable(in))
 
-		skb_dst_drop(skb);
 
-
 
+	br_drop_fake_rtable(skb);
 
 	return NF_ACCEPT;
 
 	return NF_ACCEPT;
 
 }
 
 }