Details

Issue of the Implementation # L0057

Brief

bridge: fix rcu dereference outside of rcu_read_lock

Detailed Description

As it noted in the comment before the br_handle_frame_finish function, this function should be called under rcu_read_lock. The problem callgraph: br_dev_xmit -> br_nf_pre_routing_finish_bridge_slow -> -> br_handle_frame_finish -> br_port_get_rcu -> rcu_dereference And in this case there is no read-lock section.

Component

linux-kernel 3.5

Accepted

https://lkml.org/lkml/2012/8/13/598
commit

Status

Fixed in kernel 3.6-rc2

[Home]

Русский

About Us

Projects