[PATCH 3.19.y-ckt 140/146] bridge: fix br_multicast_query_expired() bug

Wed Jun 17 22:24:05 UTC 2015

3.19.8-ckt2 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet at google.com>

[ Upstream commit 71d9f6149cac8fc6646adfb2a6f3b0de6ddd23f6 ]

br_multicast_query_expired() querier argument is a pointer to
a struct bridge_mcast_querier :

struct bridge_mcast_querier {
        struct br_ip addr;
        struct net_bridge_port __rcu    *port;
};

Intent of the code was to clear port field, not the pointer to querier.

Fixes: 2cd4143192e8 ("bridge: memorize and export selected IGMP/MLD querier port")
Signed-off-by: Eric Dumazet <edumazet at google.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo at redhat.com>
Acked-by: Linus Lüssing <linus.luessing at c0d3.blue>
Cc: Linus Lüssing <linus.luessing at web.de>
Cc: Steinar H. Gunderson <sesse at samfundet.no>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/bridge/br_multicast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index cd02185..b0aee78 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1821,7 +1821,7 @@ static void br_multicast_query_expired(struct net_bridge *br,
 	if (query->startup_sent < br->multicast_startup_query_count)
 		query->startup_sent++;
 
-	RCU_INIT_POINTER(querier, NULL);
+	RCU_INIT_POINTER(querier->port, NULL);
 	br_multicast_send_query(br, NULL, query);
 	spin_unlock(&br->multicast_lock);
 }
-- 
1.9.1



