git.baikalelectronics.ru Git - kernel.git/commit

author	Nikolay Aleksandrov <razor@blackwall.org>
	Mon, 15 Jun 2015 17:28:51 +0000 (20:28 +0300)
committer	David S. Miller <davem@davemloft.net>
	Thu, 18 Jun 2015 10:29:47 +0000 (03:29 -0700)
commit	ce3262878c6a04f59d462415f71f15059e7f1e9b
tree	ad530475217a5b3924aba3efa33125c345cf0a80	tree \| snapshot
parent	1d770a1dc3272222b3b36eefa364d9d3fb6e6e7b	commit \| diff

bridge: fix br_stp_set_bridge_priority race conditions

After the ->set() spinlocks were removed br_stp_set_bridge_priority
was left running without any protection when used via sysfs. It can
race with port add/del and could result in use-after-free cases and
corrupted lists. Tested by running port add/del in a loop with stp
enabled while setting priority in a loop, crashes are easily
reproducible.
The spinlocks around sysfs ->set() were removed in commit:
c38a32efd2dc ("bridge: range check STP parameters")
There's also a race condition in the netlink priority support that is
fixed by this change, but it was introduced recently and the fixes tag
covers it, just in case it's needed the commit is:
1d01f6a863ae ("bridge: add ageing_time, stp_state, priority over netlink")

Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Fixes: c38a32efd2dc ("bridge: range check STP parameters")
Signed-off-by: David S. Miller <davem@davemloft.net>

net/bridge/br_ioctl.c		diff \| blob \| history
net/bridge/br_stp_if.c		diff \| blob \| history