diff options
| author | Loic Prylli <loicp@google.com> | 2014-07-02 00:39:43 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-07-08 00:20:01 -0400 |
| commit | 54951194656e4853e441266fd095f880bc0398f3 (patch) | |
| tree | 2a6401c68307ca4553f5664ad5946bba9b09a47f /net | |
| parent | 8dcb4b1526747d8431f9895e153dd478c9d16186 (diff) | |
net: Fix NETDEV_CHANGE notifier usage causing spurious arp flush
A bug was introduced in NETDEV_CHANGE notifier sequence causing the
arp table to be sometimes spuriously cleared (including manual arp
entries marked permanent), upon network link carrier changes.
The changed argument for the notifier was applied only to a single
caller of NETDEV_CHANGE, missing among others netdev_state_change().
So upon net_carrier events induced by the network, which are
triggering a call to netdev_state_change(), arp_netdev_event() would
decide whether to clear or not arp cache based on random/junk stack
values (a kind of read buffer overflow).
Fixes: be9efd365328 ("net: pass changed flags along with NETDEV_CHANGE event")
Fixes: 6c8b4e3ff81b ("arp: flush arp cache on IFF_NOARP change")
Signed-off-by: Loic Prylli <loicp@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/core/dev.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/net/core/dev.c b/net/core/dev.c index 77c19c7bb490..7990984ca364 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
| @@ -148,6 +148,9 @@ struct list_head ptype_all __read_mostly; /* Taps */ | |||
| 148 | static struct list_head offload_base __read_mostly; | 148 | static struct list_head offload_base __read_mostly; |
| 149 | 149 | ||
| 150 | static int netif_rx_internal(struct sk_buff *skb); | 150 | static int netif_rx_internal(struct sk_buff *skb); |
| 151 | static int call_netdevice_notifiers_info(unsigned long val, | ||
| 152 | struct net_device *dev, | ||
| 153 | struct netdev_notifier_info *info); | ||
| 151 | 154 | ||
| 152 | /* | 155 | /* |
| 153 | * The @dev_base_head list is protected by @dev_base_lock and the rtnl | 156 | * The @dev_base_head list is protected by @dev_base_lock and the rtnl |
| @@ -1207,7 +1210,11 @@ EXPORT_SYMBOL(netdev_features_change); | |||
| 1207 | void netdev_state_change(struct net_device *dev) | 1210 | void netdev_state_change(struct net_device *dev) |
| 1208 | { | 1211 | { |
| 1209 | if (dev->flags & IFF_UP) { | 1212 | if (dev->flags & IFF_UP) { |
| 1210 | call_netdevice_notifiers(NETDEV_CHANGE, dev); | 1213 | struct netdev_notifier_change_info change_info; |
| 1214 | |||
| 1215 | change_info.flags_changed = 0; | ||
| 1216 | call_netdevice_notifiers_info(NETDEV_CHANGE, dev, | ||
| 1217 | &change_info.info); | ||
| 1211 | rtmsg_ifinfo(RTM_NEWLINK, dev, 0, GFP_KERNEL); | 1218 | rtmsg_ifinfo(RTM_NEWLINK, dev, 0, GFP_KERNEL); |
| 1212 | } | 1219 | } |
| 1213 | } | 1220 | } |