From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Herbert Xu <herbert@gondor.hengli.com.au>,
"David S. Miller" <davem@davemloft.net>
Subject: [ 08/39] bridge: Clamp forward_delay when enabling STP
Date: Fri, 11 Oct 2013 12:34:52 -0700 [thread overview]
Message-ID: <20131011193211.794611121@linuxfoundation.org> (raw)
In-Reply-To: <20131011193210.843963685@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit be4f154d5ef0ca147ab6bcd38857a774133f5450 ]
At some point limits were added to forward_delay. However, the
limits are only enforced when STP is enabled. This created a
scenario where you could have a value outside the allowed range
while STP is disabled, which then stuck around even after STP
is enabled.
This patch fixes this by clamping the value when we enable STP.
I had to move the locking around a bit to ensure that there is
no window where someone could insert a value outside the range
while we're in the middle of enabling STP.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/br_private.h | 1 +
net/bridge/br_stp.c | 21 +++++++++++++++------
net/bridge/br_stp_if.c | 12 ++++++++++--
3 files changed, 26 insertions(+), 8 deletions(-)
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -492,6 +492,7 @@ extern struct net_bridge_port *br_get_po
extern void br_init_port(struct net_bridge_port *p);
extern void br_become_designated_port(struct net_bridge_port *p);
+extern void __br_set_forward_delay(struct net_bridge *br, unsigned long t);
extern int br_set_forward_delay(struct net_bridge *br, unsigned long x);
extern int br_set_hello_time(struct net_bridge *br, unsigned long x);
extern int br_set_max_age(struct net_bridge *br, unsigned long x);
--- a/net/bridge/br_stp.c
+++ b/net/bridge/br_stp.c
@@ -517,18 +517,27 @@ int br_set_max_age(struct net_bridge *br
}
+void __br_set_forward_delay(struct net_bridge *br, unsigned long t)
+{
+ br->bridge_forward_delay = t;
+ if (br_is_root_bridge(br))
+ br->forward_delay = br->bridge_forward_delay;
+}
+
int br_set_forward_delay(struct net_bridge *br, unsigned long val)
{
unsigned long t = clock_t_to_jiffies(val);
+ int err = -ERANGE;
+ spin_lock_bh(&br->lock);
if (br->stp_enabled != BR_NO_STP &&
(t < BR_MIN_FORWARD_DELAY || t > BR_MAX_FORWARD_DELAY))
- return -ERANGE;
+ goto unlock;
- spin_lock_bh(&br->lock);
- br->bridge_forward_delay = t;
- if (br_is_root_bridge(br))
- br->forward_delay = br->bridge_forward_delay;
+ __br_set_forward_delay(br, t);
+ err = 0;
+
+unlock:
spin_unlock_bh(&br->lock);
- return 0;
+ return err;
}
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -126,6 +126,14 @@ static void br_stp_start(struct net_brid
char *envp[] = { NULL };
r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
+
+ spin_lock_bh(&br->lock);
+
+ if (br->bridge_forward_delay < BR_MIN_FORWARD_DELAY)
+ __br_set_forward_delay(br, BR_MIN_FORWARD_DELAY);
+ else if (br->bridge_forward_delay < BR_MAX_FORWARD_DELAY)
+ __br_set_forward_delay(br, BR_MAX_FORWARD_DELAY);
+
if (r == 0) {
br->stp_enabled = BR_USER_STP;
br_debug(br, "userspace STP started\n");
@@ -134,10 +142,10 @@ static void br_stp_start(struct net_brid
br_debug(br, "using kernel STP\n");
/* To start timers on any ports left in blocking */
- spin_lock_bh(&br->lock);
br_port_state_selection(br);
- spin_unlock_bh(&br->lock);
}
+
+ spin_unlock_bh(&br->lock);
}
static void br_stp_stop(struct net_bridge *br)
next prev parent reply other threads:[~2013-10-11 19:35 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-11 19:34 [ 00/39] 3.0.100-stable review Greg Kroah-Hartman
2013-10-11 19:34 ` [ 01/39] intel-iommu: Fix leaks in pagetable freeing Greg Kroah-Hartman
2013-10-11 19:34 ` [ 02/39] cpqarray: fix info leak in ida_locked_ioctl() Greg Kroah-Hartman
2013-10-11 19:34 ` [ 03/39] cciss: fix info leak in cciss_ioctl32_passthru() Greg Kroah-Hartman
2013-10-11 19:34 ` [ 04/39] caif: Add missing braces to multiline if in cfctrl_linkup_request Greg Kroah-Hartman
2013-10-11 19:34 ` [ 05/39] netpoll: fix NULL pointer dereference in netpoll_cleanup Greg Kroah-Hartman
2013-10-11 19:34 ` [ 06/39] net: sctp: fix ipv6 ipsec encryption bug in sctp_v6_xmit Greg Kroah-Hartman
2013-10-11 19:34 ` [ 07/39] resubmit bridge: fix message_age_timer calculation Greg Kroah-Hartman
2013-10-11 19:34 ` Greg Kroah-Hartman [this message]
2013-10-11 19:34 ` [ 09/39] ip: generate unique IP identificator if local fragmentation is allowed Greg Kroah-Hartman
2013-10-11 19:34 ` [ 10/39] ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put Greg Kroah-Hartman
2013-10-11 19:34 ` [ 11/39] ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put Greg Kroah-Hartman
2013-10-11 19:34 ` [ 12/39] ipv6: udp packets following an UFO enqueued packet need also be handled by UFO Greg Kroah-Hartman
2013-10-11 19:34 ` [ 13/39] via-rhine: fix VLAN priority field (PCP, IEEE 802.1p) Greg Kroah-Hartman
2013-10-11 19:34 ` [ 14/39] dm9601: fix IFF_ALLMULTI handling Greg Kroah-Hartman
2013-10-11 19:34 ` [ 15/39] bonding: Fix broken promiscuity reference counting issue Greg Kroah-Hartman
2013-10-11 19:35 ` [ 16/39] ll_temac: Reset dma descriptors indexes on ndo_open Greg Kroah-Hartman
2013-10-11 19:35 ` [ 17/39] ASoC: max98095: a couple array underflows Greg Kroah-Hartman
2013-10-11 19:35 ` [ 18/39] ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st() Greg Kroah-Hartman
2013-10-11 19:35 ` [ 19/39] powerpc/iommu: Use GFP_KERNEL instead of GFP_ATOMIC in iommu_init_table() Greg Kroah-Hartman
2013-10-11 19:35 ` [ 20/39] powerpc/vio: Fix modalias_show return values Greg Kroah-Hartman
2013-10-11 19:35 ` [ 21/39] powerpc: Fix parameter clobber in csum_partial_copy_generic() Greg Kroah-Hartman
2013-10-11 19:35 ` [ 22/39] powerpc: Restore registers on error exit from csum_partial_copy_generic() Greg Kroah-Hartman
2013-10-11 19:35 ` [ 23/39] esp_scsi: Fix tag state corruption when autosensing Greg Kroah-Hartman
2013-10-11 19:35 ` [ 24/39] sparc64: Fix ITLB handler of null page Greg Kroah-Hartman
2013-10-11 19:35 ` [ 25/39] sparc64: Remove RWSEM export leftovers Greg Kroah-Hartman
2013-10-11 19:35 ` [ 26/39] sparc64: Fix off by one in trampoline TLB mapping installation loop Greg Kroah-Hartman
2013-10-11 19:35 ` [ 27/39] sparc64: Fix not SRAed %o5 in 32-bit traced syscall Greg Kroah-Hartman
2013-10-11 19:35 ` [ 28/39] sparc32: Fix exit flag passed from traced sys_sigreturn Greg Kroah-Hartman
2013-10-11 19:35 ` [ 29/39] kernel/kmod.c: check for NULL in call_usermodehelper_exec() Greg Kroah-Hartman
2013-10-11 22:36 ` Tetsuo Handa
2013-10-11 19:35 ` [ 30/39] USB: serial: option: Ignore card reader interface on Huawei E1750 Greg Kroah-Hartman
2013-10-11 19:35 ` [ 31/39] rtlwifi: Align private space in rtl_priv struct Greg Kroah-Hartman
2013-10-11 19:35 ` [ 32/39] p54usb: add USB ID for Corega WLUSB2GTST USB adapter Greg Kroah-Hartman
2013-10-11 19:35 ` [ 33/39] staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice Greg Kroah-Hartman
2013-10-11 19:35 ` [ 34/39] ACPI / IPMI: Fix atomic context requirement of ipmi_msg_handler() Greg Kroah-Hartman
2013-10-11 19:35 ` [ 35/39] tile: use a more conservative __my_cpu_offset in CONFIG_PREEMPT Greg Kroah-Hartman
2013-10-11 19:35 ` [ 36/39] Btrfs: change how we queue blocks for backref checking Greg Kroah-Hartman
2013-10-11 19:35 ` [ 37/39] ext4: avoid hang when mounting non-journal filesystems with orphan list Greg Kroah-Hartman
2013-10-11 19:35 ` [ 38/39] tg3: fix length overflow in VPD firmware parsing Greg Kroah-Hartman
2013-10-11 19:35 ` [ 39/39] Tools: hv: verify origin of netlink connector message Greg Kroah-Hartman
2013-10-11 22:14 ` [ 00/39] 3.0.100-stable review Greg Kroah-Hartman
2013-10-12 0:52 ` Guenter Roeck
2013-10-13 16:04 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131011193211.794611121@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox