From: Eric Dumazet <eric.dumazet@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: "David S. Miller" <davem@davemloft.net>,
Linux Netdev List <netdev@vger.kernel.org>,
Bart De Schuymer <bdschuym@pandora.be>
Subject: Re: [PATCH] netfilter: bridge: refcount fix
Date: Mon, 24 Aug 2009 19:32:20 +0200 [thread overview]
Message-ID: <4A92CEA4.6020604@gmail.com> (raw)
In-Reply-To: <4A92CC71.2000300@trash.net>
Patrick McHardy a écrit :
> Eric Dumazet wrote:
>> Hi David
>>
>> I found following by code review only, I am not sure it is critical enough for net-2.6
>>
>> This is a stable candidate, bug is more than 2 years old.
>>
>> Thanks
>>
>> commit f216f082b2b37c4943f1e7c393e2786648d48f6f
>> ([NETFILTER]: bridge netfilter: deal with martians correctly)
>> added a refcount leak on in_dev.
>>
>> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
>> ---
>> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
>> index 4fde742..c62eca3 100644
>> --- a/net/bridge/br_netfilter.c
>> +++ b/net/bridge/br_netfilter.c
>> @@ -386,6 +386,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
>> dst_release((struct dst_entry *)rt);
>> }
>> free_skb:
>> + in_dev_put(in_dev);
>> kfree_skb(skb);
>> return 0;
>
> I guess we could simply use __in_dev_get_rcu() here since all
> netfilter hooks are running under rcu_read_lock() anyways.
Ah very good point, Thanks Patrick.
[PATCH] netfilter: bridge: refcount fix
commit f216f082b2b37c4943f1e7c393e2786648d48f6f
([NETFILTER]: bridge netfilter: deal with martians correctly)
added a refcount leak on in_dev.
Instead of using in_dev_get(), we can use __in_dev_get_rcu(),
as netfilter hooks are running under rcu_read_lock(), as pointed
by Patrick.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 4fde742..907a82e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -359,7 +359,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
},
.proto = 0,
};
- struct in_device *in_dev = in_dev_get(dev);
+ struct in_device *in_dev = __in_dev_get_rcu(dev);
/* If err equals -EHOSTUNREACH the error is due to a
* martian destination or due to the fact that
next prev parent reply other threads:[~2009-08-24 17:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-24 17:18 [PATCH] netfilter: bridge: refcount fix Eric Dumazet
2009-08-24 17:22 ` Patrick McHardy
2009-08-24 17:32 ` Eric Dumazet [this message]
2009-08-24 17:38 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A92CEA4.6020604@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=bdschuym@pandora.be \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.