From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH net] bridge: check brport attr show in brport_show
Date: Mon, 12 Feb 2018 11:19:31 -0500 (EST)
Message-ID: <20180212.111931.1353939040623428981.davem@davemloft.net>
References: <5c798e132c6635bb9ee309b6c9d63b940944b911.1518426940.git.lucien.xin@gmail.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, shemminger@linux-foundation.org
To: lucien.xin@gmail.com
Return-path: <netdev-owner@vger.kernel.org>
Received: from shards.monkeyblade.net ([184.105.139.130]:54404 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S964899AbeBLQUw (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 12 Feb 2018 11:20:52 -0500
In-Reply-To: <5c798e132c6635bb9ee309b6c9d63b940944b911.1518426940.git.lucien.xin@gmail.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Xin Long <lucien.xin@gmail.com>
Date: Mon, 12 Feb 2018 17:15:40 +0800

> Now br_sysfs_if file flush doesn't have attr show. To read it will
> cause kernel panic after users chmod u+r this file.
> 
> Xiong found this issue when running the commands:
> 
>   ip link add br0 type bridge
>   ip link add type veth
>   ip link set veth0 master br0
>   chmod u+r /sys/devices/virtual/net/veth0/brport/flush
>   timeout 3 cat /sys/devices/virtual/net/veth0/brport/flush
> 
> kernel crashed with NULL a pointer dereference call trace.
> 
> This patch is to fix it by return -EINVAL when brport_attr->show
> is null, just the same as the check for brport_attr->store in
> brport_store().
> 
> Fixes: 9cf637473c85 ("bridge: add sysfs hook to flush forwarding table")
> Reported-by: Xiong Zhou <xzhou@redhat.com>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>

Applied and queued up for -stable, thank you.