Julien Grall
2015-Jul-03 18:01 UTC
[Bridge] [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6
The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
forward IPv6 fragmented packets" introduced a new function
br_validate_ipv6 which take a reference on the inet6 device. Although,
the reference is not released at the end.
This will result to the impossibility to destroy any netdevice using
ipv6 and bridge.
Spotted while trying to destroy a Xen guest on the upstream Linux:
"unregister_netdevice: waiting for vif1.0 to become free. Usage count =
1"
Signed-off-by: Julien Grall <julien.grall at citrix.com>
Cc: Bernhard Thaler <bernhard.thaler at wvnet.at>
Cc: Pablo Neira Ayuso <pablo at netfilter.org>
Cc: fw at strlen.de
Cc: ian.campbell at citrix.com
Cc: wei.liu2 at citrix.com
---
Note that it's impossible to create new guest after this message.
I'm not sure if it's normal.
---
net/bridge/br_netfilter_ipv6.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 6d12d26..7046e19 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -140,11 +140,16 @@ int br_validate_ipv6(struct sk_buff *skb)
/* No IP options in IPv6 header; however it should be
* checked if some next headers need special treatment
*/
+
+ in6_dev_put(idev);
+
return 0;
inhdr_error:
IP6_INC_STATS_BH(dev_net(dev), idev, IPSTATS_MIB_INHDRERRORS);
drop:
+ in6_dev_put(idev);
+
return -1;
}
--
2.1.4
Florian Westphal
2015-Jul-03 20:42 UTC
[Bridge] [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6
Julien Grall <julien.grall at citrix.com> wrote:> The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge: > forward IPv6 fragmented packets" introduced a new function > br_validate_ipv6 which take a reference on the inet6 device. Although, > the reference is not released at the end. > > This will result to the impossibility to destroy any netdevice using > ipv6 and bridge. > > Spotted while trying to destroy a Xen guest on the upstream Linux: > "unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"Ugh :-/ I think it makes more sense to use __in6_dev_get() instead which doesn't take a reference.
Bob Liu
2015-Jul-06 09:58 UTC
[Bridge] [Xen-devel] [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6
On 07/04/2015 02:01 AM, Julien Grall wrote:> The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge: > forward IPv6 fragmented packets" introduced a new function > br_validate_ipv6 which take a reference on the inet6 device. Although, > the reference is not released at the end. > > This will result to the impossibility to destroy any netdevice using > ipv6 and bridge. > > Spotted while trying to destroy a Xen guest on the upstream Linux: > "unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1" > > Signed-off-by: Julien Grall <julien.grall at citrix.com>Also hit the same issue, thank you for the fix. Tested-by: Bob Liu <bob.liu at oracle.com>> Cc: Bernhard Thaler <bernhard.thaler at wvnet.at> > Cc: Pablo Neira Ayuso <pablo at netfilter.org> > Cc: fw at strlen.de > Cc: ian.campbell at citrix.com > Cc: wei.liu2 at citrix.com > > --- > Note that it's impossible to create new guest after this message. > I'm not sure if it's normal. > --- > net/bridge/br_netfilter_ipv6.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c > index 6d12d26..7046e19 100644 > --- a/net/bridge/br_netfilter_ipv6.c > +++ b/net/bridge/br_netfilter_ipv6.c > @@ -140,11 +140,16 @@ int br_validate_ipv6(struct sk_buff *skb) > /* No IP options in IPv6 header; however it should be > * checked if some next headers need special treatment > */ > + > + in6_dev_put(idev); > + > return 0; > > inhdr_error: > IP6_INC_STATS_BH(dev_net(dev), idev, IPSTATS_MIB_INHDRERRORS); > drop: > + in6_dev_put(idev); > + > return -1; > } > >