From: Nikolay Aleksandrov <[email protected]>
Hi,
These two fixes take care of tunnel_dst problems in the vlan tunnel egress
path. Patch 01 fixes a null ptr deref due to the lockless use of tunnel_dst
pointer without checking it first, and patch 02 fixes a use-after-free
issue due to wrong dst refcounting (dst_clone() -> dst_hold_safe()).
Both fix the same commit and should be queued for stable backports:
Fixes: 11538d039ac6 ("bridge: vlan dst_metadata hooks in ingress and egress
paths")
v2: no changes, added stable list to CC
Thanks,
Nik
Nikolay Aleksandrov (2):
net: bridge: fix vlan tunnel dst null pointer dereference
net: bridge: fix vlan tunnel dst refcnt when egressing
net/bridge/br_private.h | 4 ++--
net/bridge/br_vlan_tunnel.c | 38 +++++++++++++++++++++++--------------
2 files changed, 26 insertions(+), 16 deletions(-)
--
2.31.1
