• Eric Dumazet's avatar
    vxlan: test dev->flags & IFF_UP before calling netif_rx() · ffed570a
    Eric Dumazet authored
    [ Upstream commit 4179cb5a4c924cd233eaadd081882425bc98f44e ]
    
    netif_rx() must be called under a strict contract.
    
    At device dismantle phase, core networking clears IFF_UP
    and flush_all_backlogs() is called after rcu grace period
    to make sure no incoming packet might be in a cpu backlog
    and still referencing the device.
    
    Most drivers call netif_rx() from their interrupt handler,
    and since the interrupts are disabled at device dismantle,
    netif_rx() does not have to check dev->flags & IFF_UP
    
    Virtual drivers do not have this guarantee, and must
    therefore make the check themselves.
    
    Otherwise we risk use-after-free and/or crashes.
    
    Note this patch also fixes a small issue that came
    with commit ce6502a8 ("vxlan: fix a use after free
    in vxlan_encap_bypass"), since the dev->stats.rx_dropped
    change was done on the wrong device.
    
    Fixes: d342894c ("vxlan: virtual extensible lan")
    Fixes: ce6502a8 ("vxlan: fix a use after free in vxlan_encap_bypass")
    Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
    Cc: Petr Machata <petrm@mellanox.com>
    Cc: Ido Schimmel <idosch@mellanox.com>
    Cc: Roopa Prabhu <roopa@cumulusnetworks.com>
    Cc: Stefano Brivio <sbrivio@redhat.com>
    Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    ffed570a
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...