* [PATCH 2/2] bridge: kernel panic when unloading bridge module [not found] <20080428172809.7f814ed5@extreme> @ 2008-04-29 0:29 ` Stephen Hemminger 2008-04-29 10:18 ` David Miller 0 siblings, 1 reply; 2+ messages in thread From: Stephen Hemminger @ 2008-04-29 0:29 UTC (permalink / raw) To: David Miller; +Cc: netdev, Bodo Stroesser There is a race condition when unloading bridge and netfilter. The problem happens if __fake_rtable is in use by a skb coming in, while someone starts to unload bridge.ko. br_netfilter_fini() is called at the beginning of unload in br_deinit() while skbs still are being forwarded and transferred to local ip stack. Thus there is a possibility of the __fake_rtable pointer not being removed in a skb that goes up to ip stack. This results in a kernel panic, as ip_rcv() calls the input-function of __fake_rtable, which is NULL. Moving the call of br_netfilter_fini() to the end of br_deinit() solves the problem. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> --- net/bridge/br.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- a/net/bridge/br.c 2008-04-28 15:27:06.000000000 -0700 +++ b/net/bridge/br.c 2008-04-28 15:31:32.000000000 -0700 @@ -76,7 +76,6 @@ static void __exit br_deinit(void) rcu_assign_pointer(br_stp_sap->rcv_func, NULL); br_netlink_fini(); - br_netfilter_fini(); unregister_netdevice_notifier(&br_device_notifier); brioctl_set(NULL); @@ -84,6 +83,7 @@ static void __exit br_deinit(void) synchronize_net(); + br_netfilter_fini(); llc_sap_put(br_stp_sap); br_fdb_get_hook = NULL; br_fdb_put_hook = NULL; ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH 2/2] bridge: kernel panic when unloading bridge module 2008-04-29 0:29 ` [PATCH 2/2] bridge: kernel panic when unloading bridge module Stephen Hemminger @ 2008-04-29 10:18 ` David Miller 0 siblings, 0 replies; 2+ messages in thread From: David Miller @ 2008-04-29 10:18 UTC (permalink / raw) To: shemminger; +Cc: netdev, bstroesser From: Stephen Hemminger <shemminger@vyatta.com> Date: Mon, 28 Apr 2008 17:29:07 -0700 > There is a race condition when unloading bridge and netfilter. > > The problem happens if __fake_rtable is in use by a skb > coming in, while someone starts to unload bridge.ko. > br_netfilter_fini() is called at the beginning of unload > in br_deinit() while skbs still are being forwarded and > transferred to local ip stack. Thus there is a possibility > of the __fake_rtable pointer not being removed in a skb that > goes up to ip stack. This results in a kernel panic, as > ip_rcv() calls the input-function of __fake_rtable, which > is NULL. > > Moving the call of br_netfilter_fini() to the end of > br_deinit() solves the problem. > > Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> > Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> Also applied, thanks. ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-04-29 10:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20080428172809.7f814ed5@extreme>
2008-04-29 0:29 ` [PATCH 2/2] bridge: kernel panic when unloading bridge module Stephen Hemminger
2008-04-29 10:18 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).