From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Cong Wang" <amwang@redhat.com>,
"Linus Lüssing" <linus.luessing@web.de>,
"Vlad Yasevich" <vyasevich@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.11 23/66] Revert "bridge: only expire the mdb entry when query is received"
Date: Fri, 1 Nov 2013 15:06:59 -0700 [thread overview]
Message-ID: <20131101220641.158158095@linuxfoundation.org> (raw)
In-Reply-To: <20131101220634.605745564@linuxfoundation.org>
3.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Lüssing <linus.luessing@web.de>
[ Upstream commit 454594f3b93a49ef568cd190c5af31376b105a7b ]
While this commit was a good attempt to fix issues occuring when no
multicast querier is present, this commit still has two more issues:
1) There are cases where mdb entries do not expire even if there is a
querier present. The bridge will unnecessarily continue flooding
multicast packets on the according ports.
2) Never removing an mdb entry could be exploited for a Denial of
Service by an attacker on the local link, slowly, but steadily eating up
all memory.
Actually, this commit became obsolete with
"bridge: disable snooping if there is no querier" (b00589af3b)
which included fixes for a few more cases.
Therefore reverting the following commits (the commit stated in the
commit message plus three of its follow up fixes):
====================
Revert "bridge: update mdb expiration timer upon reports."
This reverts commit f144febd93d5ee534fdf23505ab091b2b9088edc.
Revert "bridge: do not call setup_timer() multiple times"
This reverts commit 1faabf2aab1fdaa1ace4e8c829d1b9cf7bfec2f1.
Revert "bridge: fix some kernel warning in multicast timer"
This reverts commit c7e8e8a8f7a70b343ca1e0f90a31e35ab2d16de1.
Revert "bridge: only expire the mdb entry when query is received"
This reverts commit 9f00b2e7cf241fa389733d41b615efdaa2cb0f5b.
====================
CC: Cong Wang <amwang@redhat.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Reviewed-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/br_mdb.c | 2 -
net/bridge/br_multicast.c | 47 ++++++++++++++++++++++++++--------------------
net/bridge/br_private.h | 1
3 files changed, 28 insertions(+), 22 deletions(-)
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -451,7 +451,7 @@ static int __br_mdb_del(struct net_bridg
call_rcu_bh(&p->rcu, br_multicast_free_pg);
err = 0;
- if (!mp->ports && !mp->mglist && mp->timer_armed &&
+ if (!mp->ports && !mp->mglist &&
netif_running(br->dev))
mod_timer(&mp->timer, jiffies);
break;
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -271,7 +271,7 @@ static void br_multicast_del_pg(struct n
del_timer(&p->timer);
call_rcu_bh(&p->rcu, br_multicast_free_pg);
- if (!mp->ports && !mp->mglist && mp->timer_armed &&
+ if (!mp->ports && !mp->mglist &&
netif_running(br->dev))
mod_timer(&mp->timer, jiffies);
@@ -610,9 +610,6 @@ rehash:
break;
default:
- /* If we have an existing entry, update it's expire timer */
- mod_timer(&mp->timer,
- jiffies + br->multicast_membership_interval);
goto out;
}
@@ -622,7 +619,6 @@ rehash:
mp->br = br;
mp->addr = *group;
-
setup_timer(&mp->timer, br_multicast_group_expired,
(unsigned long)mp);
@@ -662,6 +658,7 @@ static int br_multicast_add_group(struct
struct net_bridge_mdb_entry *mp;
struct net_bridge_port_group *p;
struct net_bridge_port_group __rcu **pp;
+ unsigned long now = jiffies;
int err;
spin_lock(&br->multicast_lock);
@@ -676,18 +673,15 @@ static int br_multicast_add_group(struct
if (!port) {
mp->mglist = true;
+ mod_timer(&mp->timer, now + br->multicast_membership_interval);
goto out;
}
for (pp = &mp->ports;
(p = mlock_dereference(*pp, br)) != NULL;
pp = &p->next) {
- if (p->port == port) {
- /* We already have a portgroup, update the timer. */
- mod_timer(&p->timer,
- jiffies + br->multicast_membership_interval);
- goto out;
- }
+ if (p->port == port)
+ goto found;
if ((unsigned long)p->port < (unsigned long)port)
break;
}
@@ -698,6 +692,8 @@ static int br_multicast_add_group(struct
rcu_assign_pointer(*pp, p);
br_mdb_notify(br->dev, port, group, RTM_NEWMDB);
+found:
+ mod_timer(&p->timer, now + br->multicast_membership_interval);
out:
err = 0;
@@ -1197,9 +1193,6 @@ static int br_ip4_multicast_query(struct
if (!mp)
goto out;
- mod_timer(&mp->timer, now + br->multicast_membership_interval);
- mp->timer_armed = true;
-
max_delay *= br->multicast_last_member_count;
if (mp->mglist &&
@@ -1276,9 +1269,6 @@ static int br_ip6_multicast_query(struct
if (!mp)
goto out;
- mod_timer(&mp->timer, now + br->multicast_membership_interval);
- mp->timer_armed = true;
-
max_delay *= br->multicast_last_member_count;
if (mp->mglist &&
(timer_pending(&mp->timer) ?
@@ -1364,7 +1354,7 @@ static void br_multicast_leave_group(str
call_rcu_bh(&p->rcu, br_multicast_free_pg);
br_mdb_notify(br->dev, port, group, RTM_DELMDB);
- if (!mp->ports && !mp->mglist && mp->timer_armed &&
+ if (!mp->ports && !mp->mglist &&
netif_running(br->dev))
mod_timer(&mp->timer, jiffies);
}
@@ -1376,12 +1366,30 @@ static void br_multicast_leave_group(str
br->multicast_last_member_interval;
if (!port) {
- if (mp->mglist && mp->timer_armed &&
+ if (mp->mglist &&
(timer_pending(&mp->timer) ?
time_after(mp->timer.expires, time) :
try_to_del_timer_sync(&mp->timer) >= 0)) {
mod_timer(&mp->timer, time);
}
+
+ goto out;
+ }
+
+ for (p = mlock_dereference(mp->ports, br);
+ p != NULL;
+ p = mlock_dereference(p->next, br)) {
+ if (p->port != port)
+ continue;
+
+ if (!hlist_unhashed(&p->mglist) &&
+ (timer_pending(&p->timer) ?
+ time_after(p->timer.expires, time) :
+ try_to_del_timer_sync(&p->timer) >= 0)) {
+ mod_timer(&p->timer, time);
+ }
+
+ break;
}
out:
spin_unlock(&br->multicast_lock);
@@ -1798,7 +1806,6 @@ void br_multicast_stop(struct net_bridge
hlist_for_each_entry_safe(mp, n, &mdb->mhash[i],
hlist[ver]) {
del_timer(&mp->timer);
- mp->timer_armed = false;
call_rcu_bh(&mp->rcu, br_multicast_free_group);
}
}
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -126,7 +126,6 @@ struct net_bridge_mdb_entry
struct timer_list timer;
struct br_ip addr;
bool mglist;
- bool timer_armed;
};
struct net_bridge_mdb_htable
next prev parent reply other threads:[~2013-11-01 22:22 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-01 22:06 [PATCH 3.11 00/66] 3.11.7-stable review Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 01/66] tcp: TSO packets automatic sizing Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 02/66] tcp: TSQ can use a dynamic limit Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 03/66] tcp: must unclone packets before mangling them Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 04/66] tcp: do not forget FIN in tcp_shifted_skb() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 05/66] tcp: fix incorrect ca_state in tail loss probe Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 06/66] net: do not call sock_put() on TIMEWAIT sockets Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 07/66] batman-adv: set up network coding packet handlers during module init Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 08/66] l2tp: fix kernel panic when using IPv4-mapped IPv6 addresses Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 09/66] l2tp: Fix build warning with ipv6 disabled Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 10/66] net: mv643xx_eth: update statistics timer from timer context only Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 11/66] net: mv643xx_eth: fix orphaned statistics timer crash Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 12/66] net: heap overflow in __audit_sockaddr() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 13/66] sit: amend "allow to use rtnl ops on fb tunnel" Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 14/66] proc connector: fix info leaks Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 15/66] ipv4: fix ineffective source address selection Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 16/66] can: dev: fix nlmsg size calculation in can_get_size() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 17/66] net: secure_seq: Fix warning when CONFIG_IPV6 and CONFIG_INET are not selected Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 18/66] xen-netback: Dont destroy the netdev until the vif is shut down Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 19/66] net/mlx4_en: Rename name of mlx4_en_rx_alloc members Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 20/66] net/mlx4_en: Fix pages never dma unmapped on rx Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 21/66] net: vlan: fix nlmsg size calculation in vlan_get_size() Greg Kroah-Hartman
2013-11-01 22:06 ` [PATCH 3.11 22/66] bridge: update mdb expiration timer upon reports Greg Kroah-Hartman
2013-11-01 22:06 ` Greg Kroah-Hartman [this message]
2013-11-01 22:07 ` [PATCH 3.11 24/66] vti: get rid of nf mark rule in prerouting Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 25/66] l2tp: must disable bh before calling l2tp_xmit_skb() Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 26/66] netem: update backlog after drop Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 27/66] netem: free skbs in tree on reset Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 28/66] farsync: fix info leak in ioctl Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 29/66] unix_diag: fix info leak Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 30/66] connector: use nlmsg_len() to check message length Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 31/66] bnx2x: record rx queue for LRO packets Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 32/66] virtio-net: dont respond to cpu hotplug notifier if were not ready Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 33/66] virtio-net: refill only when device is up during setting queues Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 34/66] bridge: Correctly clamp MAX forward_delay when enabling STP Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 35/66] net: dst: provide accessor function to dst->xfrm Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 36/66] sctp: Use software crc32 checksum when xfrm transform will happen Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 37/66] sctp: Perform software checksum if packet has to be fragmented Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 38/66] wanxl: fix info leak in ioctl Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 39/66] be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 40/66] net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 41/66] net: fix cipso packet validation when !NETLABEL Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 42/66] inet: fix possible memory corruption with UDP_CORK and UFO Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 43/66] ipv6: always prefer rt6i_gateway if present Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 44/66] ipv6: fill rt6i_gateway with nexthop address Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 45/66] netfilter: nf_conntrack: fix rt6i_gateway checks for H.323 helper Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 46/66] ipv6: probe routes asynchronous in rt6_probe Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 47/66] davinci_emac.c: Fix IFF_ALLMULTI setup Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 48/66] ARM: 7851/1: check for number of arguments in syscall_get/set_arguments() Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 49/66] ARM: integrator: deactivate timer0 on the Integrator/CP Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 50/66] ext[34]: fix double put in tmpfile Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 51/66] gpio/lynxpoint: check if the interrupt is enabled in IRQ handler Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 52/66] dm snapshot: fix data corruption Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 53/66] i2c: ismt: initialize DMA buffer Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 54/66] mm: migration: do not lose soft dirty bit if page is in migration state Greg Kroah-Hartman
2013-11-27 11:38 ` William Dauchy
2013-11-27 11:50 ` Cyrill Gorcunov
2013-11-27 11:52 ` William Dauchy
2013-11-01 22:07 ` [PATCH 3.11 55/66] mm/zswap: bugfix: memory leak when re-swapon Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 56/66] mm: fix BUG in __split_huge_page_pmd Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 57/66] ALSA: us122l: Fix pcm_usb_stream mmapping regression Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 58/66] ALSA: hda - Fix inverted internal mic not indicated on some machines Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 59/66] writeback: fix negative bdi max pause Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 60/66] w1 - call request_module with w1 master mutex unlocked Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 61/66] wireless: radiotap: fix parsing buffer overrun Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 62/66] wireless: cw1200: acquire hwbus lock around cw1200_irq_handler() call Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 63/66] serial: vt8500: add missing braces Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 64/66] USB: serial: ti_usb_3410_5052: add Abbott strip port ID to combined table as well Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 65/66] USB: serial: option: add support for Inovia SEW858 device Greg Kroah-Hartman
2013-11-01 22:07 ` [PATCH 3.11 66/66] usb: serial: option: blacklist Olivetti Olicard200 Greg Kroah-Hartman
2013-11-02 2:31 ` [PATCH 3.11 00/66] 3.11.7-stable review Guenter Roeck
2013-11-02 15:43 ` Greg Kroah-Hartman
2013-11-02 21:30 ` Shuah Khan
2013-11-02 22:10 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131101220641.158158095@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=amwang@redhat.com \
--cc=davem@davemloft.net \
--cc=linus.luessing@web.de \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox