Merge branch 'bond_neigh_parms'
Veaceslav Falico says:

====================
Recent patches revealed an old bug, which was there for quite a while. It's related to vlan on top of bonding and ndo_neigh_setup().

When vlan device is initiated, it calls its real_dev->ndo_neigh_setup(), and in case of bonding - it will modify neigh_parms->neigh_setup to point to bond_neigh_init, while neigh_parms are of vlan's dev. This way, when neigh_parms->neigh_setup() of vlan's dev is called, the bonding function will be called, which expects the dev to be struct bonding, but will receive a vlan dev.

It was hidden before because of bond->first_slave usage. Now, with Nikolay's conversion to list/RCU, first_slave is gone and we hit a null pointer dereference when working with lists/slave.

First patch moves ndo_neigh_setup() in neigh_parms_alloc() to the bottom, so that the ->dev will be available to the caller. It doesn't really change anything, however is needed for the second patch.

Second patch makes bond_neigh_setup() (bond->ndo_neigh_setup()) check if the neigh_parms are really from a bonding dev, and only modify the neigh_setup in this case.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
hifive-unleashed-5.1
commit
4b42df5da8
|
@ -3630,11 +3630,17 @@ static int bond_neigh_init(struct neighbour *n)
|
|||
* The bonding ndo_neigh_setup is called at init time beofre any
|
||||
* slave exists. So we must declare proxy setup function which will
|
||||
* be used at run time to resolve the actual slave neigh param setup.
|
||||
*
|
||||
* It's also called by master devices (such as vlans) to setup their
|
||||
* underlying devices. In that case - do nothing, we're already set up from
|
||||
* our init.
|
||||
*/
|
||||
static int bond_neigh_setup(struct net_device *dev,
|
||||
struct neigh_parms *parms)
|
||||
{
|
||||
parms->neigh_setup = bond_neigh_init;
|
||||
/* modify only our neigh_parms */
|
||||
if (parms->dev == dev)
|
||||
parms->neigh_setup = bond_neigh_init;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
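Review bot: The inline comment `/* modify only our neigh_parms */` in bond_neigh_setup() does not say why the `parms->dev == dev` guard matters, and the guard is the only thing visible here that keeps bond_neigh_init() off another device's parms. Per the commit description, an upper device such as a vlan passes its own neigh_parms, and bond_neigh_init() then treats a non-bonding net_device as a bond, which ended in a NULL pointer dereference. I would spell that out, e.g. `/* Only hook our own parms: an upper dev (e.g. vlan) passes its parms here, and bond_neigh_init() assumes n->dev is a bond. */`. The check also depends on parms->dev being assigned before this callback runs, which holds only because of the reordering in neigh_parms_alloc() in the other hunk; bond_neigh_init() itself lies outside this hunk, so whether it validates the device on its own cannot be confirmed from here.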
@ -1441,16 +1441,18 @@ struct neigh_parms *neigh_parms_alloc(struct net_device *dev,
|
|||
atomic_set(&p->refcnt, 1);
|
||||
p->reachable_time =
|
||||
neigh_rand_reach_time(p->base_reachable_time);
|
||||
|
||||
if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
|
||||
kfree(p);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
dev_hold(dev);
|
||||
p->dev = dev;
|
||||
write_pnet(&p->net, hold_net(net));
|
||||
p->sysctl_table = NULL;
|
||||
|
||||
if (ops->ndo_neigh_setup && ops->ndo_neigh_setup(dev, p)) {
|
||||
release_net(net);
|
||||
dev_put(dev);
|
||||
kfree(p);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
write_lock_bh(&tbl->lock);
|
||||
p->next = tbl->parms.next;
|
||||
tbl->parms.next = p;
|
||||
|
|
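Review bot: Nothing in neigh_parms_alloc() records that the ndo_neigh_setup() call now has to stay below `p->dev = dev`, so a later cleanup could move it back up and silently defeat the `parms->dev == dev` check added in bond_neigh_setup(). A one-line comment above the call would pin the constraint, for example `/* must run after p->dev is set: drivers compare it against dev */`. The new failure path undoes hold_net() and dev_hold() with `release_net(net)` and `dev_put(dev)` before `kfree(p)`, which matches the acquisitions visible in the hunk. The function starts and ends outside the hunk, so the remaining paths are not reviewed here.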