netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 2/2] bridge: kernel panic when unloading bridge module
       [not found] <20080428172809.7f814ed5@extreme>
@ 2008-04-29  0:29 ` Stephen Hemminger
  2008-04-29 10:18   ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Stephen Hemminger @ 2008-04-29  0:29 UTC (permalink / raw)
  To: David Miller; +Cc: netdev, Bodo Stroesser

There is a race condition when unloading bridge and netfilter.

The problem happens if __fake_rtable is in use by a skb
coming in, while someone starts to unload bridge.ko.
br_netfilter_fini() is called at the beginning of unload
in br_deinit() while skbs still are being forwarded and
transferred to local ip stack. Thus there is a possibility
of the __fake_rtable pointer not being removed in a skb that
goes up to ip stack. This results in a kernel panic, as
ip_rcv() calls the input-function of __fake_rtable, which
is NULL.

Moving the call of br_netfilter_fini() to the end of
br_deinit() solves the problem.

Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>

---
 net/bridge/br.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

--- a/net/bridge/br.c	2008-04-28 15:27:06.000000000 -0700
+++ b/net/bridge/br.c	2008-04-28 15:31:32.000000000 -0700
@@ -76,7 +76,6 @@ static void __exit br_deinit(void)
 	rcu_assign_pointer(br_stp_sap->rcv_func, NULL);
 
 	br_netlink_fini();
-	br_netfilter_fini();
 	unregister_netdevice_notifier(&br_device_notifier);
 	brioctl_set(NULL);
 
@@ -84,6 +83,7 @@ static void __exit br_deinit(void)
 
 	synchronize_net();
 
+	br_netfilter_fini();
 	llc_sap_put(br_stp_sap);
 	br_fdb_get_hook = NULL;
 	br_fdb_put_hook = NULL;

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [PATCH 2/2] bridge: kernel panic when unloading bridge module
  2008-04-29  0:29 ` [PATCH 2/2] bridge: kernel panic when unloading bridge module Stephen Hemminger
@ 2008-04-29 10:18   ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2008-04-29 10:18 UTC (permalink / raw)
  To: shemminger; +Cc: netdev, bstroesser

From: Stephen Hemminger <shemminger@vyatta.com>
Date: Mon, 28 Apr 2008 17:29:07 -0700

> There is a race condition when unloading bridge and netfilter.
> 
> The problem happens if __fake_rtable is in use by a skb
> coming in, while someone starts to unload bridge.ko.
> br_netfilter_fini() is called at the beginning of unload
> in br_deinit() while skbs still are being forwarded and
> transferred to local ip stack. Thus there is a possibility
> of the __fake_rtable pointer not being removed in a skb that
> goes up to ip stack. This results in a kernel panic, as
> ip_rcv() calls the input-function of __fake_rtable, which
> is NULL.
> 
> Moving the call of br_netfilter_fini() to the end of
> br_deinit() solves the problem.
> 
> Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com>
> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>

Also applied, thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-04-29 10:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20080428172809.7f814ed5@extreme>
2008-04-29  0:29 ` [PATCH 2/2] bridge: kernel panic when unloading bridge module Stephen Hemminger
2008-04-29 10:18   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).