From: Linus Lüssing Date: Sat, 5 Sep 2015 03:11:34 +0200 Subject: kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull() A call to pskb_may_pull() might reallocate skb->data. Therefore we should only assign the src-pointer after any potential reallocations. Signed-off-by: Linus Lüssing Signed-off-by: Felix Fietkau git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46721 3c298f89-4303-0410-b956-a3cf2f4a3e73 diff --git a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch index 8c436e0..6707b03 100644 --- a/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch +++ b/target/linux/generic/patches-3.18/645-bridge_multicast_to_unicast.patch @@ -100,37 +100,40 @@ struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct igmpv3_report *ih; struct igmpv3_grec *grec; int i; -@@ -1008,7 +1031,7 @@ static int br_ip4_multicast_igmp3_report +@@ -1008,7 +1031,8 @@ static int br_ip4_multicast_igmp3_report continue; } - err = br_ip4_multicast_add_group(br, port, group, vid); ++ src = eth_hdr(skb)->h_source; + err = br_ip4_multicast_add_group(br, port, group, vid, src); if (err) break; } -@@ -1022,6 +1045,7 @@ static int br_ip6_multicast_mld2_report( +@@ -1022,6 +1046,7 @@ static int br_ip6_multicast_mld2_report( struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct icmp6hdr *icmp6h; struct mld2_grec *grec; int i; -@@ -1070,7 +1094,7 @@ static int br_ip6_multicast_mld2_report( +@@ -1069,8 +1094,9 @@ static int br_ip6_multicast_mld2_report( + continue; } ++ src = eth_hdr(skb)->h_source; err = br_ip6_multicast_add_group(br, port, &grec->grec_mca, - vid); + vid, src); if (err) break; } -@@ -1406,7 +1430,8 @@ br_multicast_leave_group(struct net_brid +@@ -1406,7 +1432,8 @@ br_multicast_leave_group(struct net_brid struct net_bridge_port *port, struct br_ip *group, struct bridge_mcast_other_query *other_query, @@ -140,7 +143,7 @@ { struct net_bridge_mdb_htable *mdb; struct net_bridge_mdb_entry *mp; -@@ -1456,7 +1481,7 @@ br_multicast_leave_group(struct net_brid +@@ -1456,7 +1483,7 @@ br_multicast_leave_group(struct net_brid for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { @@ -149,7 +152,7 @@ continue; rcu_assign_pointer(*pp, p->next); -@@ -1490,7 +1515,7 @@ br_multicast_leave_group(struct net_brid +@@ -1490,7 +1517,7 @@ br_multicast_leave_group(struct net_brid for (p = mlock_dereference(mp->ports, br); p != NULL; p = mlock_dereference(p->next, br)) { @@ -158,7 +161,7 @@ continue; if (!hlist_unhashed(&p->mglist) && -@@ -1508,8 +1533,8 @@ out: +@@ -1508,8 +1535,8 @@ out: static void br_ip4_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, @@ -169,7 +172,7 @@ { struct br_ip br_group; struct bridge_mcast_own_query *own_query; -@@ -1524,14 +1549,14 @@ static void br_ip4_multicast_leave_group +@@ -1524,14 +1551,14 @@ static void br_ip4_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip4_other_query, @@ -186,7 +189,7 @@ { struct br_ip br_group; struct bridge_mcast_own_query *own_query; -@@ -1546,7 +1571,7 @@ static void br_ip6_multicast_leave_group +@@ -1546,7 +1573,7 @@ static void br_ip6_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip6_other_query, @@ -195,41 +198,43 @@ } #endif -@@ -1555,6 +1580,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1555,6 +1582,7 @@ static int br_multicast_ipv4_rcv(struct struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct sk_buff *skb2 = skb; const struct iphdr *iph; struct igmphdr *ih; -@@ -1628,7 +1654,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1628,7 +1656,8 @@ static int br_multicast_ipv4_rcv(struct case IGMP_HOST_MEMBERSHIP_REPORT: case IGMPV2_HOST_MEMBERSHIP_REPORT: BR_INPUT_SKB_CB(skb)->mrouters_only = 1; - err = br_ip4_multicast_add_group(br, port, ih->group, vid); ++ src = eth_hdr(skb)->h_source; + err = br_ip4_multicast_add_group(br, port, ih->group, vid, src); break; case IGMPV3_HOST_MEMBERSHIP_REPORT: err = br_ip4_multicast_igmp3_report(br, port, skb2, vid); -@@ -1637,7 +1663,7 @@ static int br_multicast_ipv4_rcv(struct +@@ -1637,7 +1666,8 @@ static int br_multicast_ipv4_rcv(struct err = br_ip4_multicast_query(br, port, skb2, vid); break; case IGMP_HOST_LEAVE_MESSAGE: - br_ip4_multicast_leave_group(br, port, ih->group, vid); ++ src = eth_hdr(skb)->h_source; + br_ip4_multicast_leave_group(br, port, ih->group, vid, src); break; } -@@ -1655,6 +1681,7 @@ static int br_multicast_ipv6_rcv(struct +@@ -1655,6 +1685,7 @@ static int br_multicast_ipv6_rcv(struct struct sk_buff *skb, u16 vid) { -+ const unsigned char *src = eth_hdr(skb)->h_source; ++ const unsigned char *src; struct sk_buff *skb2; const struct ipv6hdr *ip6h; u8 icmp6_type; -@@ -1764,7 +1791,8 @@ static int br_multicast_ipv6_rcv(struct +@@ -1764,7 +1795,8 @@ static int br_multicast_ipv6_rcv(struct } mld = (struct mld_msg *)skb_transport_header(skb2); BR_INPUT_SKB_CB(skb)->mrouters_only = 1; @@ -239,11 +244,12 @@ break; } case ICMPV6_MLD2_REPORT: -@@ -1781,7 +1809,7 @@ static int br_multicast_ipv6_rcv(struct +@@ -1781,7 +1813,8 @@ static int br_multicast_ipv6_rcv(struct goto out; } mld = (struct mld_msg *)skb_transport_header(skb2); - br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid); ++ src = eth_hdr(skb)->h_source; + br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid, src); } }