Hi,
here is a patch for 2.6.22.5, but AFAICS it is relevant
for 2.6.25 also.
Please CC me, I'm not on the list.
Best regards
Bodo
============================================================
There is a race condition when unloading bridge.ko
The problem happens if __fake_rtable is in use by a skb
coming in, while someone starts to unload bridge.ko.
br_netfilter_fini() is called at the beginning of unload
in br_deinit() while skbs still are being forwarded and
transferred to local ip stack. Thus there is a possibility
of the __fake_rtable pointer not being removed in a skb that
goes up to ip stack. This results in a kernel panic, as
ip_rcv() calls the input-function of __fake_rtable, which
is NULL.
Moving the call of br_netfilter_fini() to the end of
br_deinit() solves the problem.
Signed-off-by: Bodo Stroesser <[EMAIL PROTECTED]>
---
net/bridge/br.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.22.5-31/net/bridge/br.c
===================================================================
--- linux-2.6.22.5-31.orig/net/bridge/br.c
+++ linux-2.6.22.5-31/net/bridge/br.c
@@ -74,7 +74,6 @@ static void __exit br_deinit(void)
rcu_assign_pointer(br_stp_sap->rcv_func, NULL);
br_netlink_fini();
- br_netfilter_fini();
unregister_netdevice_notifier(&br_device_notifier);
brioctl_set(NULL);
@@ -82,6 +81,7 @@ static void __exit br_deinit(void)
synchronize_net();
+ br_netfilter_fini();
llc_sap_put(br_stp_sap);
br_fdb_get_hook = NULL;
br_fdb_put_hook = NULL;
_______________________________________________
Bridge mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/bridge
