On 9/29/24 15:36, Ido Schimmel wrote:
> When user space deletes a port from an MDB entry, the port is removed
> synchronously. If this was the last port in the entry and the entry is
> not joined by the host itself, then the entry is scheduled for deletion
> via a timer.
>
> The above means that it is possible for the MDB get netlink request to
> retrieve an empty entry which is scheduled for deletion. This is
> problematic as after deleting the last port in an entry, user space
> cannot rely on a non-zero return code from the MDB get request as an
> indication that the port was successfully removed.
>
> Fix by returning an error when the entry's port list is empty and the
> entry is not joined by the host.
>
> Fixes: 68b380a395a7 ("bridge: mcast: Add MDB get support")
> Reported-by: Jamie Bainbridge <jamie.bainbridge@xxxxxxxxx>
> Closes: https://lore.kernel.org/netdev/c92569919307749f879b9482b0f3e125b7d9d2e3.1726480066.git.jamie.bainbridge@xxxxxxxxx/
> Tested-by: Jamie Bainbridge <jamie.bainbridge@xxxxxxxxx>
> Signed-off-by: Ido Schimmel <idosch@xxxxxxxxxx>
> ---
> net/bridge/br_mdb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
> index bc37e47ad829..1a52a0bca086 100644
> --- a/net/bridge/br_mdb.c
> +++ b/net/bridge/br_mdb.c
> @@ -1674,7 +1674,7 @@ int br_mdb_get(struct net_device *dev, struct nlattr *tb[], u32 portid, u32 seq,
> spin_lock_bh(&br->multicast_lock);
>
> mp = br_mdb_ip_get(br, &group);
> - if (!mp) {
> + if (!mp || (!mp->ports && !mp->host_joined)) {
> NL_SET_ERR_MSG_MOD(extack, "MDB entry not found");
> err = -ENOENT;
> goto unlock;
Acked-by: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
