From ddf8858ceabc9dcbac3c4cd637a383fa66f7ef9c Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 25 Aug 2015 07:25:20 +0000 Subject: [PATCH] kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit A call to pskb_may_pull() might reallocate skb->data. Therefore we should only assign the src-pointer after any potential reallocations. Signed-off-by: Linus Lüssing Signed-off-by: Felix Fietkau SVN-Revision: 46721 --- .../645-bridge_multicast_to_unicast.patch | 45 +++++++++-------- .../645-bridge_multicast_to_unicast.patch | 48 ++++++++++++------- 2 files changed, 56 insertions(+), 37 deletions(-) diff --git a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch index e8be1fd985..1e070d9d9c 100644 --- a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch +++ b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch @@ -100,37 +100,40 @@ struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct igmpv3_report *ih; struct igmpv3_grec *grec; int i; -@@ -1008,7 +1031,7 @@ static int br_ip4_multicast_igmp3_report +@@ -1008,7 +1031,8 @@ static int br_ip4_multicast_igmp3_report continue; } - err = br_ip4_multicast_add_group(br, port, group, vid); ++ src = eth_hdr(skb)->h_source; + err = br_ip4_multicast_add_group(br, port, group, vid, src); if (err) break; } -@@ -1022,6 +1045,7 @@ static int br_ip6_multicast_mld2_report( +@@ -1022,6 +1046,7 @@ static int br_ip6_multicast_mld2_report( struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct icmp6hdr *icmp6h; struct mld2_grec *grec; int i; -@@ -1070,7 +1094,7 @@ static int br_ip6_multicast_mld2_report( +@@ -1069,8 +1094,9 @@ static int br_ip6_multicast_mld2_report( + continue; } ++ src = eth_hdr(skb)->h_source; err = br_ip6_multicast_add_group(br, port, &grec->grec_mca, - vid); + vid, src); if (err) break; } -@@ -1407,7 +1431,8 @@ br_multicast_leave_group(struct net_brid +@@ -1407,7 +1433,8 @@ br_multicast_leave_group(struct net_brid struct net_bridge_port *port, struct br_ip *group, struct bridge_mcast_other_query *other_query, @@ -140,7 +143,7 @@ { struct net_bridge_mdb_htable *mdb; struct net_bridge_mdb_entry *mp; -@@ -1457,7 +1482,7 @@ br_multicast_leave_group(struct net_brid +@@ -1457,7 +1484,7 @@ br_multicast_leave_group(struct net_brid for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { @@ -149,7 +152,7 @@ continue; rcu_assign_pointer(*pp, p->next); -@@ -1491,7 +1516,7 @@ br_multicast_leave_group(struct net_brid +@@ -1491,7 +1518,7 @@ br_multicast_leave_group(struct net_brid for (p = mlock_dereference(mp->ports, br); p != NULL; p = mlock_dereference(p->next, br)) { @@ -158,7 +161,7 @@ continue; if (!hlist_unhashed(&p->mglist) && -@@ -1509,8 +1534,8 @@ out: +@@ -1509,8 +1536,8 @@ out: static void br_ip4_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, @@ -169,7 +172,7 @@ { struct br_ip br_group; struct bridge_mcast_own_query *own_query; -@@ -1525,14 +1550,14 @@ static void br_ip4_multicast_leave_group +@@ -1525,14 +1552,14 @@ static void br_ip4_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip4_other_query, @@ -186,7 +189,7 @@ { struct br_ip br_group; struct bridge_mcast_own_query *own_query; -@@ -1547,7 +1572,7 @@ static void br_ip6_multicast_leave_group +@@ -1547,7 +1574,7 @@ static void br_ip6_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip6_other_query, @@ -195,55 +198,59 @@ } #endif -@@ -1556,6 +1581,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1556,6 +1583,7 @@ static int br_multicast_ipv4_rcv(struct struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct sk_buff *skb2 = skb; const struct iphdr *iph; struct igmphdr *ih; -@@ -1629,7 +1655,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1629,7 +1657,8 @@ static int br_multicast_ipv4_rcv(struct case IGMP_HOST_MEMBERSHIP_REPORT: case IGMPV2_HOST_MEMBERSHIP_REPORT: BR_INPUT_SKB_CB(skb)->mrouters_only = 1; - err = br_ip4_multicast_add_group(br, port, ih->group, vid); ++ src = eth_hdr(skb)->h_source; + err = br_ip4_multicast_add_group(br, port, ih->group, vid, src); break; case IGMPV3_HOST_MEMBERSHIP_REPORT: err = br_ip4_multicast_igmp3_report(br, port, skb2, vid); -@@ -1638,7 +1664,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1638,7 +1667,8 @@ static int br_multicast_ipv4_rcv(struct err = br_ip4_multicast_query(br, port, skb2, vid); break; case IGMP_HOST_LEAVE_MESSAGE: - br_ip4_multicast_leave_group(br, port, ih->group, vid); ++ src = eth_hdr(skb)->h_source; + br_ip4_multicast_leave_group(br, port, ih->group, vid, src); break; } -@@ -1656,6 +1682,7 @@ static int br_multicast_ipv6_rcv(struct +@@ -1656,6 +1686,7 @@ static int br_multicast_ipv6_rcv(struct struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct sk_buff *skb2; const struct ipv6hdr *ip6h; u8 icmp6_type; -@@ -1765,7 +1792,8 @@ static int br_multicast_ipv6_rcv(struct +@@ -1765,7 +1796,9 @@ static int br_multicast_ipv6_rcv(struct } mld = (struct mld_msg *)skb_transport_header(skb2); BR_INPUT_SKB_CB(skb)->mrouters_only = 1; - err = br_ip6_multicast_add_group(br, port, &mld->mld_mca, vid); ++ src = eth_hdr(skb)->h_source; + err = br_ip6_multicast_add_group(br, port, &mld->mld_mca, vid, + src); break; } case ICMPV6_MLD2_REPORT: -@@ -1782,7 +1810,7 @@ static int br_multicast_ipv6_rcv(struct +@@ -1782,7 +1815,8 @@ static int br_multicast_ipv6_rcv(struct goto out; } mld = (struct mld_msg *)skb_transport_header(skb2); - br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid); ++ src = eth_hdr(skb)->h_source; + br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid, src); } } diff --git a/target/linux/generic/patches-4.1/645-bridge_multicast_to_unicast.patch b/target/linux/generic/patches-4.1/645-bridge_multicast_to_unicast.patch index 2167f8f861..6915599c6c 100644 --- a/target/linux/generic/patches-4.1/645-bridge_multicast_to_unicast.patch +++ b/target/linux/generic/patches-4.1/645-bridge_multicast_to_unicast.patch @@ -110,20 +110,21 @@ struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct igmpv3_report *ih; struct igmpv3_grec *grec; int i; -@@ -1009,7 +1032,7 @@ static int br_ip4_multicast_igmp3_report +@@ -1009,7 +1032,8 @@ static int br_ip4_multicast_igmp3_report continue; } - err = br_ip4_multicast_add_group(br, port, group, vid); ++ src = eth_hdr(skb)->h_source; + err = br_ip4_multicast_add_group(br, port, group, vid, src); if (err) break; } -@@ -1023,6 +1046,7 @@ static int br_ip6_multicast_mld2_report( +@@ -1023,6 +1047,7 @@ static int br_ip6_multicast_mld2_report( struct sk_buff *skb, u16 vid) { @@ -131,7 +132,7 @@ struct icmp6hdr *icmp6h; struct mld2_grec *grec; int i; -@@ -1071,7 +1095,7 @@ static int br_ip6_multicast_mld2_report( +@@ -1071,7 +1096,7 @@ static int br_ip6_multicast_mld2_report( } err = br_ip6_multicast_add_group(br, port, &grec->grec_mca, @@ -140,7 +141,7 @@ if (err) break; } -@@ -1407,7 +1431,8 @@ br_multicast_leave_group(struct net_brid +@@ -1407,7 +1432,8 @@ br_multicast_leave_group(struct net_brid struct net_bridge_port *port, struct br_ip *group, struct bridge_mcast_other_query *other_query, @@ -150,7 +151,7 @@ { struct net_bridge_mdb_htable *mdb; struct net_bridge_mdb_entry *mp; -@@ -1457,7 +1482,7 @@ br_multicast_leave_group(struct net_brid +@@ -1457,7 +1483,7 @@ br_multicast_leave_group(struct net_brid for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { @@ -159,7 +160,7 @@ continue; rcu_assign_pointer(*pp, p->next); -@@ -1491,7 +1516,7 @@ br_multicast_leave_group(struct net_brid +@@ -1491,7 +1517,7 @@ br_multicast_leave_group(struct net_brid for (p = mlock_dereference(mp->ports, br); p != NULL; p = mlock_dereference(p->next, br)) { @@ -168,7 +169,7 @@ continue; if (!hlist_unhashed(&p->mglist) && -@@ -1509,8 +1534,8 @@ out: +@@ -1509,8 +1535,8 @@ out: static void br_ip4_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, @@ -179,7 +180,7 @@ { struct br_ip br_group; struct bridge_mcast_own_query *own_query; -@@ -1525,14 +1550,14 @@ static void br_ip4_multicast_leave_group +@@ -1525,14 +1551,14 @@ static void br_ip4_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip4_other_query, @@ -196,7 +197,7 @@ { struct br_ip br_group; struct bridge_mcast_own_query *own_query; -@@ -1547,7 +1572,7 @@ static void br_ip6_multicast_leave_group +@@ -1547,7 +1573,7 @@ static void br_ip6_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip6_other_query, @@ -205,15 +206,21 @@ } #endif -@@ -1556,6 +1581,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1556,6 +1582,7 @@ static int br_multicast_ipv4_rcv(struct struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct sk_buff *skb2 = skb; const struct iphdr *iph; struct igmphdr *ih; -@@ -1629,7 +1655,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1624,12 +1651,13 @@ static int br_multicast_ipv4_rcv(struct + + BR_INPUT_SKB_CB(skb)->igmp = 1; + ih = igmp_hdr(skb2); ++ src = eth_hdr(skb)->h_source; + + switch (ih->type) { case IGMP_HOST_MEMBERSHIP_REPORT: case IGMPV2_HOST_MEMBERSHIP_REPORT: BR_INPUT_SKB_CB(skb)->mrouters_only = 1; @@ -222,7 +229,7 @@ break; case IGMPV3_HOST_MEMBERSHIP_REPORT: err = br_ip4_multicast_igmp3_report(br, port, skb2, vid); -@@ -1638,7 +1664,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1638,7 +1666,7 @@ static int br_multicast_ipv4_rcv(struct err = br_ip4_multicast_query(br, port, skb2, vid); break; case IGMP_HOST_LEAVE_MESSAGE: @@ -231,16 +238,19 @@ break; } -@@ -1656,6 +1682,7 @@ static int br_multicast_ipv6_rcv(struct +@@ -1656,6 +1684,7 @@ static int br_multicast_ipv6_rcv(struct struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct sk_buff *skb2; const struct ipv6hdr *ip6h; u8 icmp6_type; -@@ -1765,7 +1792,8 @@ static int br_multicast_ipv6_rcv(struct +@@ -1763,9 +1792,11 @@ static int br_multicast_ipv6_rcv(struct + err = -EINVAL; + goto out; } ++ src = eth_hdr(skb)->h_source; mld = (struct mld_msg *)skb_transport_header(skb2); BR_INPUT_SKB_CB(skb)->mrouters_only = 1; - err = br_ip6_multicast_add_group(br, port, &mld->mld_mca, vid); @@ -249,9 +259,11 @@ break; } case ICMPV6_MLD2_REPORT: -@@ -1782,7 +1810,7 @@ static int br_multicast_ipv6_rcv(struct +@@ -1781,8 +1812,9 @@ static int br_multicast_ipv6_rcv(struct + err = -EINVAL; goto out; } ++ src = eth_hdr(skb)->h_source; mld = (struct mld_msg *)skb_transport_header(skb2); - br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid); + br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid, src); -- 2.30.2