On 2014/11/06 16:58, 박수현 wrote:
>> -----Original Message-----
>> From: Toshiaki Makita [mailto:makita.toshiaki@xxxxxxxxxxxxx]
>> Sent: Thursday, November 06, 2014 4:07 PM
>> To: 박수현; Stephen Hemminger; David S. Miller
>> Cc: bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx;
>> linux-kernel@xxxxxxxxxxxxxxx
>> Subject: Re: [PATCH] bridge: missing null bridge device check causing null
>> pointer dereference (bugfix)
>>
>> On 2014/11/06 15:26, Su-Hyun Park wrote:
>>> the bridge device can be null if the bridge is being deleted while
>>> processing the packet, which causes the null pointer dereference in
>>> switch statement.
>>
>> How can this happen??
>> It is guarded by rcu.
>> netdev_rx_handler_unregister() ensures rx_handler_data is non NULL.
>>
>
> The RCU protects rx_handler_data, not the bridge member port. It can be NULL according to the code below.
>
> static inline struct net_bridge_port *br_port_get_rcu(const struct net_device *dev) {
> 	struct net_bridge_port *port = rcu_dereference(dev->rx_handler_data);
> 	return br_port_exists(dev) ? port : NULL;
> }

Seems to have been fixed for a year.
716ec052d228 ("bridge: fix NULL pointer deref of br_port_get_rcu")

Thanks,
Toshiaki Makita
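The helper quoted in this thread, as a userspace model added here (not code from the kernel or from either poster): it shows the state in which rx_handler_data is still set but the helper returns NULL, and a caller that checks the result before its switch. Assumptions: br_port_exists() is modelled as a test of a per-device flag, port removal clears that flag before it clears rx_handler_data, and every name other than the fields shown in the quoted helper is hypothetical.

```c
#include <stddef.h>

#define IFF_BRIDGE_PORT 0x1u   /* constructed flag bit for this model */

struct net_bridge_port { int state; };
struct net_device {
    unsigned int priv_flags;
    void *rx_handler_data;
};

/* Same shape as the helper quoted above, with RCU left out of the model. */
static struct net_bridge_port *port_get(const struct net_device *dev)
{
    struct net_bridge_port *port = dev->rx_handler_data;
    return (dev->priv_flags & IFF_BRIDGE_PORT) ? port : NULL;
}

enum rx_result { RX_PASS, RX_CONSUMED };

/* Hypothetical receive path: checks the helper's result before the switch. */
static enum rx_result handle_frame(const struct net_device *dev)
{
    const struct net_bridge_port *p = port_get(dev);

    if (p == NULL)              /* port is being removed: do not read p->state */
        return RX_PASS;
    switch (p->state) {
    case 1:                     /* constructed "forwarding" state */
        return RX_CONSUMED;
    default:
        return RX_PASS;
    }
}

/* Walks the assumed removal order and reports what a reader sees mid-way:
 * returns 1 if rx_handler_data is still set while port_get() yields NULL. */
static int null_window_exists(void)
{
    struct net_bridge_port port = { .state = 1 };
    struct net_device dev = { IFF_BRIDGE_PORT, &port };

    if (handle_frame(&dev) != RX_CONSUMED)   /* normal operation */
        return 0;
    dev.priv_flags &= ~IFF_BRIDGE_PORT;      /* step 1: flag cleared */
    int window = dev.rx_handler_data != NULL && port_get(&dev) == NULL
                 && handle_frame(&dev) == RX_PASS;
    dev.rx_handler_data = NULL;              /* step 2: handler data cleared */
    return window;
}

int main(void) { return null_window_exists() ? 0 : 1; }
```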