diff options
author | Ido Schimmel <idosch@mellanox.com> | 2015-10-30 17:46:19 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-11-02 15:40:10 -0500 |
commit | 07bc588fc1087929e8e6dfe95ffcee1cb69a240f (patch) | |
tree | b07f5e0dc59c8e79d128eb5b6be5725cb610fedd /net/bridge/br_vlan.c | |
parent | ce1050089c969b96c797118f9cb0cf5a421ddc69 (diff) | |
download | op-kernel-dev-07bc588fc1087929e8e6dfe95ffcee1cb69a240f.zip op-kernel-dev-07bc588fc1087929e8e6dfe95ffcee1cb69a240f.tar.gz |
bridge: vlan: Prevent possible use-after-free
When adding a port to a bridge we initialize VLAN filtering on it. We do
not bail out in case an error occurred in nbp_vlan_init, as it can be
used as a non VLAN filtering bridge.
However, if VLAN filtering is required and an error occurred in
nbp_vlan_init, we should set vlgrp to NULL, so that VLAN filtering
functions (e.g. br_vlan_find, br_get_pvid) will know the struct is
invalid and will not try to access it.
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_vlan.c')
-rw-r--r-- | net/bridge/br_vlan.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 5f0d0cc..1054696 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -914,6 +914,8 @@ out: return ret; err_vlan_add: + RCU_INIT_POINTER(p->vlgrp, NULL); + synchronize_rcu(); rhashtable_destroy(&vg->vlan_hash); err_rhtbl: kfree(vg); |