aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBodo Stroesser <bstroesser@fujitsu-siemens.com>2008-04-29 06:18:13 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-29 06:18:13 -0400
commitd69efb16891ddfa6c0b527f912a7193054d50281 (patch)
treef9d3b4a858530e0e63246467cf9d1efdd6abdd05
parent43af8532ecd74a61f9e7aeb27c026c1ee27915ca (diff)
bridge: kernel panic when unloading bridge module
There is a race condition when unloading bridge and netfilter. The problem happens if __fake_rtable is in use by a skb coming in, while someone starts to unload bridge.ko. br_netfilter_fini() is called at the beginning of unload in br_deinit() while skbs still are being forwarded and transferred to local ip stack. Thus there is a possibility of the __fake_rtable pointer not being removed in a skb that goes up to ip stack. This results in a kernel panic, as ip_rcv() calls the input-function of __fake_rtable, which is NULL. Moving the call of br_netfilter_fini() to the end of br_deinit() solves the problem. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/bridge/br.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c
index a90182873120..8f3c58e5f7a5 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -76,7 +76,6 @@ static void __exit br_deinit(void)
76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL); 76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL);
77 77
78 br_netlink_fini(); 78 br_netlink_fini();
79 br_netfilter_fini();
80 unregister_netdevice_notifier(&br_device_notifier); 79 unregister_netdevice_notifier(&br_device_notifier);
81 brioctl_set(NULL); 80 brioctl_set(NULL);
82 81
@@ -84,6 +83,7 @@ static void __exit br_deinit(void)
84 83
85 synchronize_net(); 84 synchronize_net();
86 85
86 br_netfilter_fini();
87 llc_sap_put(br_stp_sap); 87 llc_sap_put(br_stp_sap);
88 br_fdb_get_hook = NULL; 88 br_fdb_get_hook = NULL;
89 br_fdb_put_hook = NULL; 89 br_fdb_put_hook = NULL;