Message ID | 20190218223011.4824-1-f.fainelli@gmail.com |
---|---|
State | Not Applicable |
Delegated to: | David Miller |
Headers | show |
Series | [net,v4.15..v4.19] net: dsa: Fix NPD checking for br_vlan_enabled() | expand |
From: Florian Fainelli <f.fainelli@gmail.com> Date: Mon, 18 Feb 2019 14:30:11 -0800 > It is possible for the DSA slave network device not to be part of a > bridge, yet have an upper device like a VLAN device be part of a bridge. > When that VLAN device is enslaved, since it does not define any > switchdev_ops, we will recurse down to the lower/physical port device, > call switchdev_port_obj_add() with a VLAN, and here we will check > br_vlan_enabled() on a NULL dp->bridge_dev, thus causing a NULL pointer > de-reference. > > This is no longer a problem upstream after commit d17d9f5e5143 > ("switchdev: Replace port obj add/del SDO with a notification"). > > Fixes: 2ea7a679ca2a ("net: dsa: Don't add vlans when vlan filtering is disabled") > Reported-by: Frank Wunderlich <frank-w@public-files.de> > Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> > --- > David, > > This affects v4.15..v4.19, but not v5.0-rc1 can you still queue this up > for -stable? Thanks! Queued up.
diff --git a/net/dsa/port.c b/net/dsa/port.c index ed0595459df1..792a13068c50 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c @@ -255,7 +255,7 @@ int dsa_port_vlan_add(struct dsa_port *dp, if (netif_is_bridge_master(vlan->obj.orig_dev)) return -EOPNOTSUPP; - if (br_vlan_enabled(dp->bridge_dev)) + if (dp->bridge_dev && br_vlan_enabled(dp->bridge_dev)) return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_ADD, &info); return 0; @@ -273,7 +273,7 @@ int dsa_port_vlan_del(struct dsa_port *dp, if (netif_is_bridge_master(vlan->obj.orig_dev)) return -EOPNOTSUPP; - if (br_vlan_enabled(dp->bridge_dev)) + if (dp->bridge_dev && br_vlan_enabled(dp->bridge_dev)) return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_DEL, &info); return 0;
It is possible for the DSA slave network device not to be part of a bridge, yet have an upper device like a VLAN device be part of a bridge. When that VLAN device is enslaved, since it does not define any switchdev_ops, we will recurse down to the lower/physical port device, call switchdev_port_obj_add() with a VLAN, and here we will check br_vlan_enabled() on a NULL dp->bridge_dev, thus causing a NULL pointer de-reference. This is no longer a problem upstream after commit d17d9f5e5143 ("switchdev: Replace port obj add/del SDO with a notification"). Fixes: 2ea7a679ca2a ("net: dsa: Don't add vlans when vlan filtering is disabled") Reported-by: Frank Wunderlich <frank-w@public-files.de> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> --- David, This affects v4.15..v4.19, but not v5.0-rc1 can you still queue this up for -stable? Thanks! net/dsa/port.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)