bridge: fix br_stp_set_bridge_priority race conditions
author Nikolay Aleksandrov <razor@blackwall.org>
Mon, 15 Jun 2015 17:28:51 +0000 (20:28 +0300)
committer Sasha Levin <sasha.levin@oracle.com>
Sun, 5 Jul 2015 14:12:58 +0000 (10:12 -0400)
commit e3c0852fdda9648c39f3bd929bcb1d58f120e06c
tree 6cc528f106a03d921fa73ce1f13f9cbb4c1337f7
parent 720e1669baa8f2658d737825e49edb018cf3aa1d
bridge: fix br_stp_set_bridge_priority race conditions

[ Upstream commit 2dab80a8b486f02222a69daca6859519e05781d9 ]

After the ->set() spinlocks were removed br_stp_set_bridge_priority
was left running without any protection when used via sysfs. It can
race with port add/del and could result in use-after-free cases and
corrupted lists. Tested by running port add/del in a loop with stp
enabled while setting priority in a loop, crashes are easily
reproducible.
The spinlocks around sysfs ->set() were removed in commit:
14f98f258f19 ("bridge: range check STP parameters")
There's also a race condition in the netlink priority support that is
fixed by this change, but it was introduced recently and the fixes tag
covers it, just in case it's needed the commit is:
af615762e972 ("bridge: add ageing_time, stp_state, priority over netlink")

Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Fixes: 14f98f258f19 ("bridge: range check STP parameters")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
net/bridge/br_ioctl.c
net/bridge/br_stp_if.c
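
The race described in the commit message, modelled in user space as an added example; this is not the kernel patch or any code from the commit. The names `struct bridge`, `port_add`, `port_del_first`, `set_priority` and `run_model` are hypothetical, and a pthread mutex stands in for the bridge's lock: the priority setter walks the port list, so it takes the same lock as port add/del.

```c
/* Constructed user-space model, not kernel code: the priority setter and
 * port add/del share one lock, so the list walk never sees a freed port. */
#include <pthread.h>
#include <stdlib.h>

struct port { unsigned id, prio_seen; struct port *next; };
struct bridge { pthread_mutex_t lock; struct port *ports; unsigned prio; int nports; };

static int port_add(struct bridge *br, unsigned id) {
    struct port *p = malloc(sizeof(*p));
    if (!p) return 0;
    pthread_mutex_lock(&br->lock);
    p->id = id; p->prio_seen = br->prio;
    p->next = br->ports; br->ports = p; br->nports++;
    pthread_mutex_unlock(&br->lock);
    return 1;
}
static void port_del_first(struct bridge *br) {
    pthread_mutex_lock(&br->lock);
    struct port *p = br->ports;
    if (p) { br->ports = p->next; br->nports--; }
    pthread_mutex_unlock(&br->lock);
    free(p); /* freed only once it is unreachable from the list */
}
/* Without the lock here, this walk could follow a pointer to a port that
 * port_del_first() has already freed (the use-after-free in the message). */
static void set_priority(struct bridge *br, unsigned prio) {
    pthread_mutex_lock(&br->lock);
    br->prio = prio;
    for (struct port *p = br->ports; p; p = p->next) p->prio_seen = prio;
    pthread_mutex_unlock(&br->lock);
}
static void *churn(void *br) {   /* port add/del in a loop */
    for (unsigned i = 0; i < 20000; i++) if (port_add(br, i)) port_del_first(br);
    return NULL;
}
static void *setter(void *br) {  /* priority set in a loop */
    for (unsigned i = 1; i <= 20000; i++) set_priority(br, i);
    return NULL;
}
/* Returns 0 when the list is consistent after the concurrent run. */
static int run_model(void) {
    struct bridge br = { .ports = NULL };
    pthread_t a, b;
    pthread_mutex_init(&br.lock, NULL);
    port_add(&br, 1000000); /* one long-lived port that must survive */
    if (pthread_create(&a, NULL, churn, &br)) return -1;
    if (pthread_create(&b, NULL, setter, &br)) { pthread_join(a, NULL); return -1; }
    pthread_join(a, NULL); pthread_join(b, NULL);
    int ok = br.nports == 1 && br.ports && br.ports->prio_seen == 20000 && br.prio == 20000;
    free(br.ports);
    return ok ? 0 : 1;
}
int main(void) { return run_model(); }
```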