Skip to content

Commit

Permalink
netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_va…
Browse files Browse the repository at this point in the history 
…lidate_ipv6

The commit efb6de9 "netfilter: bridge:
forward IPv6 fragmented packets" introduced a new function
br_validate_ipv6 which take a reference on the inet6 device. Although,
the reference is not released at the end.

This will result to the impossibility to destroy any netdevice using
ipv6 and bridge.

It's possible to directly retrieve the inet6 device without taking a
reference as all netfilter hooks are protected by rcu_read_lock via
nf_hook_slow.

Spotted while trying to destroy a Xen guest on the upstream Linux:
"unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"

Signed-off-by: Julien Grall <julien.grall@citrix.com>
Cc: Bernhard Thaler <bernhard.thaler@wvnet.at>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: fw@strlen.de
Cc: ian.campbell@citrix.com
Cc: wei.liu2@citrix.com
Cc: Bob Liu <bob.liu@oracle.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Julien Grall authored and Pablo Neira Ayuso committed Jul 8, 2015
1 parent 91c269a commit 86e8971
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/bridge/br_netfilter_ipv6.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ int br_validate_ipv6(struct sk_buff *skb)
{
const struct ipv6hdr *hdr;
struct net_device *dev = skb->dev;
struct inet6_dev *idev = in6_dev_get(skb->dev);
struct inet6_dev *idev = __in6_dev_get(skb->dev);
u32 pkt_len;
u8 ip6h_len = sizeof(struct ipv6hdr);

Expand Down

0 comments on commit 86e8971

Please sign in to comment.