[3.19.y-ckt stable] Patch "bridge: mdb: zero out the local br_ip variable before use" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Wed Aug 5 21:48:09 UTC 2015


This is a note to let you know that I have just added a patch titled

    bridge: mdb: zero out the local br_ip variable before use

to the linux-3.19.y-queue branch of the 3.19.y-ckt extended stable tree 
which can be found at:

    http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y-queue

This patch is scheduled to be released in version 3.19.8-ckt5.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.19.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From f228f1c570e28a9447c9726a8dc6b18fcbea8513 Mon Sep 17 00:00:00 2001
From: Nikolay Aleksandrov <razor at blackwall.org>
Date: Tue, 7 Jul 2015 15:55:56 +0200
Subject: bridge: mdb: zero out the local br_ip variable before use

commit f1158b74e54f2e2462ba5e2f45a118246d9d5b43 upstream.

Since commit b0e9a30dd669 ("bridge: Add vlan id to multicast groups")
there's a check in br_ip_equal() for a matching vlan id, but the mdb
functions were not modified to use (or at least zero it) so when an
entry was added it would have a garbage vlan id (from the local br_ip
variable in __br_mdb_add/del) and this would prevent it from being
matched and also deleted. So zero out the whole local ip var to protect
ourselves from future changes and also to fix the current bug, since
there's no vlan id support in the mdb uapi - use always vlan id 0.
Example before patch:
root at debian:~# bridge mdb add dev br0 port eth1 grp 239.0.0.1 permanent
root at debian:~# bridge mdb
dev br0 port eth1 grp 239.0.0.1 permanent
root at debian:~# bridge mdb del dev br0 port eth1 grp 239.0.0.1 permanent
RTNETLINK answers: Invalid argument

After patch:
root at debian:~# bridge mdb add dev br0 port eth1 grp 239.0.0.1 permanent
root at debian:~# bridge mdb
dev br0 port eth1 grp 239.0.0.1 permanent
root at debian:~# bridge mdb del dev br0 port eth1 grp 239.0.0.1 permanent
root at debian:~# bridge mdb

Signed-off-by: Nikolay Aleksandrov <razor at blackwall.org>
Fixes: b0e9a30dd669 ("bridge: Add vlan id to multicast groups")
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/bridge/br_mdb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 2192740..4754f2d 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -373,6 +373,7 @@ static int __br_mdb_add(struct net *net, struct net_bridge *br,
 	if (!p || p->br != br || p->state == BR_STATE_DISABLED)
 		return -EINVAL;

+	memset(&ip, 0, sizeof(ip));
 	ip.proto = entry->addr.proto;
 	if (ip.proto == htons(ETH_P_IP))
 		ip.u.ip4 = entry->addr.u.ip4;
@@ -419,6 +420,7 @@ static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry)
 	if (!netif_running(br->dev) || br->multicast_disabled)
 		return -EINVAL;

+	memset(&ip, 0, sizeof(ip));
 	ip.proto = entry->addr.proto;
 	if (ip.proto == htons(ETH_P_IP)) {
 		if (timer_pending(&br->ip4_other_query.timer))
--
1.9.1





More information about the kernel-team mailing list