linux-hardened/net/bridge
Curt Brune fe0d692bbc bridge: use spin_lock_bh() in br_multicast_set_hash_max
br_multicast_set_hash_max() is called from process context in
net/bridge/br_sysfs_br.c by the sysfs store_hash_max() function.

br_multicast_set_hash_max() calls spin_lock(&br->multicast_lock),
which can deadlock the CPU if a softirq that also tries to take the
same lock interrupts br_multicast_set_hash_max() while the lock is
held .  This can happen quite easily when any of the bridge multicast
timers expire, which try to take the same lock.

The fix here is to use spin_lock_bh(), preventing other softirqs from
executing on this CPU.

Steps to reproduce:

1. Create a bridge with several interfaces (I used 4).
2. Set the "multicast query interval" to a low number, like 2.
3. Enable the bridge as a multicast querier.
4. Repeatedly set the bridge hash_max parameter via sysfs.

  # brctl addbr br0
  # brctl addif br0 eth1 eth2 eth3 eth4
  # brctl setmcqi br0 2
  # brctl setmcquerier br0 1

  # while true ; do echo 4096 > /sys/class/net/br0/bridge/hash_max; done

Signed-off-by: Curt Brune <curt@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-01-06 16:39:47 -05:00
..
netfilter netfilter: ebt_ip6: fix source and destination matching 2013-11-19 15:33:29 +01:00
br.c net:bridge: use IS_ENABLED 2011-12-16 15:49:52 -05:00
br_device.c Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-14 16:30:30 +09:00
br_fdb.c bridge: Don't use VID 0 and 4095 in vlan filtering 2013-10-18 16:02:52 -04:00
br_forward.c bridge: Add a flag to control unicast packet flood. 2013-06-11 02:04:32 -07:00
br_if.c bridge: flush br's address entry in fdb when remove the 2013-11-20 15:31:11 -05:00
br_input.c bridge: pass correct vlan id to multicast code 2013-10-29 17:40:08 -04:00
br_ioctl.c net: Allow userns root to control the network bridge code. 2012-11-18 20:33:00 -05:00
br_mdb.c Revert "bridge: only expire the mdb entry when query is received" 2013-10-22 14:41:02 -04:00
br_multicast.c bridge: use spin_lock_bh() in br_multicast_set_hash_max 2014-01-06 16:39:47 -05:00
br_netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-11-04 19:46:58 -05:00
br_netlink.c bridge: Don't use VID 0 and 4095 in vlan filtering 2013-10-18 16:02:52 -04:00
br_notify.c net: convert resend IGMP to notifier event 2013-07-23 16:52:47 -07:00
br_private.h br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_stp_if.c bridge: Correctly clamp MAX forward_delay when enabling STP 2013-10-17 16:12:15 -04:00
br_stp_timer.c bridge: fix race with topology change timer 2013-05-03 16:08:58 -04:00
br_sysfs_br.c bridge: correct the comment for file br_sysfs_br.c 2013-08-07 10:35:06 -07:00
br_sysfs_if.c bridge: Add a flag to control unicast packet flood. 2013-06-11 02:04:32 -07:00
br_vlan.c bridge: Call vlan_vid_del for all vids at nbp_vlan_flush 2013-11-14 16:16:34 -05:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00