net: bridge: delete local fdb on device init failure

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

On initialization failure we have to delete the local fdb which was
inserted due to the default pvid creation. This problem has been present
since the inception of default_pvid. Note that currently there are 2 cases:
1) in br_dev_init() when br_multicast_init() fails
2) if register_netdevice() fails after calling ndo_init()

This patch takes care of both since br_vlan_flush() is called on both
occasions. Also the new fdb delete would be a no-op on normal bridge
device destruction since the local fdb would've been already flushed by
br_dev_delete(). This is not an issue for ports since nbp_vlan_init() is
called last when adding a port thus nothing can fail after it.

Reported-by: syzbot+88533dc8b582309bf3ee@syzkaller.appspotmail.com
Fixes: 5be5a2df40f0 ("bridge: Add filtering support for default_pvid")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Nikolay Aleksandrov and committed by

David S. Miller 6 years ago d7bae09f 051c7b39

1 changed file

expand all

net

bridge

br_vlan.c

net/bridge/br_vlan.c

··· 715 715 716 716 ASSERT_RTNL(); 717 717 718 + /* delete auto-added default pvid local fdb before flushing vlans 719 + * otherwise it will be leaked on bridge device init failure 720 + */ 721 + br_fdb_delete_by_port(br, NULL, 0, 1); 722 + 718 723 vg = br_vlan_group(br); 719 724 __vlan_flush(vg); 720 725 RCU_INIT_POINTER(br->vlgrp, NULL);