From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Cong Wang" <amwang@redhat.com>,
"Linus Lüssing" <linus.luessing@web.de>,
"Vlad Yasevich" <vyasevich@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.11 23/66] Revert "bridge: only expire the mdb entry when query is received"
Date: Fri, 1 Nov 2013 15:06:59 -0700 [thread overview]
Message-ID: <20131101220641.158158095@linuxfoundation.org> (raw)
In-Reply-To: <20131101220634.605745564@linuxfoundation.org>
3.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Lüssing <linus.luessing@web.de>
[ Upstream commit 454594f3b93a49ef568cd190c5af31376b105a7b ]
While this commit was a good attempt to fix issues occuring when no
multicast querier is present, this commit still has two more issues:
1) There are cases where mdb entries do not expire even if there is a
querier present. The bridge will unnecessarily continue flooding
multicast packets on the according ports.
2) Never removing an mdb entry could be exploited for a Denial of
Service by an attacker on the local link, slowly, but steadily eating up
all memory.
Actually, this commit became obsolete with
"bridge: disable snooping if there is no querier" (b00589af3b)
which included fixes for a few more cases.
Therefore reverting the following commits (the commit stated in the
commit message plus three of its follow up fixes):
====================
Revert "bridge: update mdb expiration timer upon reports."
This reverts commit f144febd93d5ee534fdf23505ab091b2b9088edc.
Revert "bridge: do not call setup_timer() multiple times"
This reverts commit 1faabf2aab1fdaa1ace4e8c829d1b9cf7bfec2f1.
Revert "bridge: fix some kernel warning in multicast timer"
This reverts commit c7e8e8a8f7a70b343ca1e0f90a31e35ab2d16de1.
Revert "bridge: only expire the mdb entry when query is received"
This reverts commit 9f00b2e7cf241fa389733d41b615efdaa2cb0f5b.
====================
CC: Cong Wang <amwang@redhat.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Reviewed-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/br_mdb.c | 2 -
net/bridge/br_multicast.c | 47 ++++++++++++++++++++++++++--------------------
net/bridge/br_private.h | 1
3 files changed, 28 insertions(+), 22 deletions(-)
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -451,7 +451,7 @@ static int __br_mdb_del(struct net_bridg
call_rcu_bh(&p->rcu, br_multicast_free_pg);
err = 0;
- if (!mp->ports && !mp->mglist && mp->timer_armed &&
+ if (!mp->ports && !mp->mglist &&
netif_running(br->dev))
mod_timer(&mp->timer, jiffies);
break;
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -271,7 +271,7 @@ static void br_multicast_del_pg(struct n
del_timer(&p->timer);
call_rcu_bh(&p->rcu, br_multicast_free_pg);
- if (!mp->ports && !mp->mglist && mp->timer_armed &&
+ if (!mp->ports && !mp->mglist &&
netif_running(br->dev))
mod_timer(&mp->timer, jiffies);
@@ -610,9 +610,6 @@ rehash:
break;
default:
- /* If we have an existing entry, update it's expire timer */
- mod_timer(&mp->timer,
- jiffies + br->multicast_membership_interval);
goto out;
}
@@ -622,7 +619,6 @@ rehash:
mp->br = br;
mp->addr = *group;
-
setup_timer(&mp->timer, br_multicast_group_expired,
(unsigned long)mp);
@@ -662,6 +658,7 @@ static int br_multicast_add_group(struct
struct net_bridge_mdb_entry *mp;
struct net_bridge_port_group *p;
struct net_bridge_port_group __rcu **pp;
+ unsigned long now = jiffies;
int err;
spin_lock(&br->multicast_lock);
@@ -676,18 +673,15 @@ static int br_multicast_add_group(struct
if (!port) {
mp->mglist = true;
+ mod_timer(&mp->timer, now + br->multicast_membership_interval);
goto out;
}
for (pp = &mp->ports;
(p = mlock_dereference(*pp, br)) != NULL;
pp = &p->next) {
- if (p->port == port) {
- /* We already have a portgroup, update the timer. */
- mod_timer(&p->timer,
- jiffies + br->multicast_membership_interval);
- goto out;
- }
+ if (p->port == port)
+ goto found;
if ((unsigned long)p->port < (unsigned long)port)
break;
}
@@ -698,6 +692,8 @@ static int br_multicast_add_group(struct
rcu_assign_pointer(*pp, p);
br_mdb_notify(br->dev, port, group, RTM_NEWMDB);
+found:
+ mod_timer(&p->timer, now + br->multicast_membership_interval);
out:
err = 0;
@@ -1197,9 +1193,6 @@ static int br_ip4_multicast_query(struct
if (!mp)
goto out;
- mod_timer(&mp->timer, now + br->multicast_membership_interval);
- mp->timer_armed = true;
-
max_delay *= br->multicast_last_member_count;
if (mp->mglist &&
@@ -1276,9 +1269,6 @@ static int br_ip6_multicast_query(struct
if (!mp)
goto out;
- mod_timer(&mp->timer, now + br->multicast_membership_interval);
- mp->timer_armed = true;
-
max_delay *= br->multicast_last_member_count;
if (mp->mglist &&
(timer_pending(&mp->timer) ?
@@ -1364,7 +1354,7 @@ static void br_multicast_leave_group(str
call_rcu_bh(&p->rcu, br_multicast_free_pg);
br_mdb_notify(br->dev, port, group, RTM_DELMDB);
- if (!mp->ports && !mp->mglist && mp->timer_armed &&
+ if (!mp->ports && !mp->mglist &&
netif_running(br->dev))
mod_timer(&mp->timer, jiffies);
}
@@ -1376,12 +1366,30 @@ static void br_multicast_leave_group(str
br->multicast_last_member_interval;
if (!port) {
- if (mp->mglist && mp->timer_armed &&
+ if (mp->mglist &&
(timer_pending(&mp->timer) ?
time_after(mp->timer.expires, time) :
try_to_del_timer_sync(&mp->timer) >= 0)) {
mod_timer(&mp->timer, time);
}
+
+ goto out;
+ }
+
+ for (p = mlock_dereference(mp->ports, br);
+ p != NULL;
+ p = mlock_dereference(p->next, br)) {
+ if (p->port != port)
+ continue;
+
+ if (!hlist_unhashed(&p->mglist) &&
+ (timer_pending(&p->timer) ?
+ time_after(p->timer.expires, time) :
+ try_to_del_timer_sync(&p->timer) >= 0)) {
+ mod_timer(&p->timer, time);
+ }
+
+ break;
}
out:
spin_unlock(&br->multicast_lock);
@@ -1798,7 +1806,6 @@ void br_multicast_stop(struct net_bridge
hlist_for_each_entry_safe(mp, n, &mdb->mhash[i],
hlist[ver]) {
del_timer(&mp->timer);
- mp->timer_armed = false;
call_rcu_bh(&mp->rcu, br_multicast_free_group);
}
}
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -126,7 +126,6 @@ struct net_bridge_mdb_entry
struct timer_list timer;
struct br_ip addr;
bool mglist;
- bool timer_armed;
};
struct net_bridge_mdb_htable
next prev parent reply other threads:[~2013-11-01 22:22 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-01 22:06 [PATCH 3.11 00/66] 3.11.7-stable review Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 01/66] tcp: TSO packets automatic sizing Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 02/66] tcp: TSQ can use a dynamic limit Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 03/66] tcp: must unclone packets before mangling them Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 04/66] tcp: do not forget FIN in tcp_shifted_skb() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 05/66] tcp: fix incorrect ca_state in tail loss probe Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 06/66] net: do not call sock_put() on TIMEWAIT sockets Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 07/66] batman-adv: set up network coding packet handlers during module init Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 08/66] l2tp: fix kernel panic when using IPv4-mapped IPv6 addresses Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 09/66] l2tp: Fix build warning with ipv6 disabled Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 10/66] net: mv643xx_eth: update statistics timer from timer context only Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 11/66] net: mv643xx_eth: fix orphaned statistics timer crash Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 12/66] net: heap overflow in __audit_sockaddr() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 13/66] sit: amend "allow to use rtnl ops on fb tunnel" Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 14/66] proc connector: fix info leaks Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 15/66] ipv4: fix ineffective source address selection Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 16/66] can: dev: fix nlmsg size calculation in can_get_size() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 17/66] net: secure_seq: Fix warning when CONFIG_IPV6 and CONFIG_INET are not selected Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 18/66] xen-netback: Dont destroy the netdev until the vif is shut down Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 19/66] net/mlx4_en: Rename name of mlx4_en_rx_alloc members Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 20/66] net/mlx4_en: Fix pages never dma unmapped on rx Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 21/66] net: vlan: fix nlmsg size calculation in vlan_get_size() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 22/66] bridge: update mdb expiration timer upon reports Greg Kroah-Hartman
2013-11-01 22:06 ` Greg Kroah-Hartman
2013-11-01 22:06 ` Greg Kroah-Hartman [this message]
2013-11-01 22:07 ` [PATCH 3.11 24/66] vti: get rid of nf mark rule in prerouting Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 25/66] l2tp: must disable bh before calling l2tp_xmit_skb() Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 26/66] netem: update backlog after drop Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 27/66] netem: free skbs in tree on reset Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 28/66] farsync: fix info leak in ioctl Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 29/66] unix_diag: fix info leak Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 30/66] connector: use nlmsg_len() to check message length Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 31/66] bnx2x: record rx queue for LRO packets Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 32/66] virtio-net: dont respond to cpu hotplug notifier if were not ready Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 33/66] virtio-net: refill only when device is up during setting queues Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 34/66] bridge: Correctly clamp MAX forward_delay when enabling STP Greg Kroah-Hartman
2013-11-01 22:07 ` Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 35/66] net: dst: provide accessor function to dst->xfrm Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 36/66] sctp: Use software crc32 checksum when xfrm transform will happen Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 37/66] sctp: Perform software checksum if packet has to be fragmented Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 38/66] wanxl: fix info leak in ioctl Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 39/66] be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 40/66] net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 41/66] net: fix cipso packet validation when !NETLABEL Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 42/66] inet: fix possible memory corruption with UDP_CORK and UFO Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 43/66] ipv6: always prefer rt6i_gateway if present Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 44/66] ipv6: fill rt6i_gateway with nexthop address Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 45/66] netfilter: nf_conntrack: fix rt6i_gateway checks for H.323 helper Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 46/66] ipv6: probe routes asynchronous in rt6_probe Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 47/66] davinci_emac.c: Fix IFF_ALLMULTI setup Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 48/66] ARM: 7851/1: check for number of arguments in syscall_get/set_arguments() Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 49/66] ARM: integrator: deactivate timer0 on the Integrator/CP Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 50/66] ext[34]: fix double put in tmpfile Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 51/66] gpio/lynxpoint: check if the interrupt is enabled in IRQ handler Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 52/66] dm snapshot: fix data corruption Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 53/66] i2c: ismt: initialize DMA buffer Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 54/66] mm: migration: do not lose soft dirty bit if page is in migration state Greg Kroah-Hartman
2013-11-27 11:38 ` William Dauchy
2013-11-27 11:50 ` Cyrill Gorcunov
2013-11-27 11:52 ` William Dauchy
2013-11-01 22:07 ` [PATCH 3.11 55/66] mm/zswap: bugfix: memory leak when re-swapon Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 56/66] mm: fix BUG in __split_huge_page_pmd Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 57/66] ALSA: us122l: Fix pcm_usb_stream mmapping regression Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 58/66] ALSA: hda - Fix inverted internal mic not indicated on some machines Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 59/66] writeback: fix negative bdi max pause Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 60/66] w1 - call request_module with w1 master mutex unlocked Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 61/66] wireless: radiotap: fix parsing buffer overrun Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 62/66] wireless: cw1200: acquire hwbus lock around cw1200_irq_handler() call Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 63/66] serial: vt8500: add missing braces Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 64/66] USB: serial: ti_usb_3410_5052: add Abbott strip port ID to combined table as well Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 65/66] USB: serial: option: add support for Inovia SEW858 device Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 66/66] usb: serial: option: blacklist Olivetti Olicard200 Greg Kroah-Hartman
2013-11-02 2:31 ` [PATCH 3.11 00/66] 3.11.7-stable review Guenter Roeck
2013-11-02 15:43 ` Greg Kroah-Hartman
2013-11-02 21:30 ` Shuah Khan
2013-11-02 22:10 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131101220641.158158095@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=amwang@redhat.com \
--cc=davem@davemloft.net \
--cc=linus.luessing@web.de \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.