From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: [PATCH net v2] bridge: Fix incorrect re-injection of STP packets
Date: Fri, 10 Jun 2016 22:42:12 -0700 (PDT)
Message-ID: <20160610.224212.426571796038760142.davem@davemloft.net>
References: <1465290418-8015-1-git-send-email-idosch@mellanox.com>
Cc: yotamg@mellanox.com, netdev@vger.kernel.org, bridge@lists.linux-foundation.org, fw@strlen.de, jiri@mellanox.com, nogahf@mellanox.com, eladr@mellanox.com, ogerlitz@mellanox.com, shmulik.ladkani@gmail.com
To: idosch@mellanox.com
In-Reply-To: <1465290418-8015-1-git-send-email-idosch@mellanox.com>
List-Id: netdev.vger.kernel.org

From: Ido Schimmel
Date: Tue, 7 Jun 2016 12:06:58 +0300

> Commit 8626c56c8279 ("bridge: fix potential use-after-free when hook
> returns QUEUE or STOLEN verdict") fixed incorrect usage of NF_HOOK's
> return value by consuming packets in okfn via br_pass_frame_up().
>
> However, this function re-injects packets to the Rx path with skb->dev
> set to the bridge device, which breaks kernel's STP, as all STP packets
> appear to originate from the bridge device itself.
>
> Instead, if STP is enabled and bridge isn't a 802.1ad bridge, then learn
> packet's SMAC and inject it back to the Rx path for further processing
> by the packet handlers.
>
> The patch also makes netfilter's behavior consistent with regards to
> packets destined to the Bridge Group Address, as no hook registered at
> LOCAL_IN will ever be called, regardless if STP is enabled or not.
>
> Cc: Florian Westphal
> Cc: Shmulik Ladkani
> Cc: Toshiaki Makita
> Fixes: 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict")
> Signed-off-by: Jiri Pirko
> Signed-off-by: Ido Schimmel

Applied, thanks.