Hi,
I have recently discovered that kernel 3.12.10 is occasionally crashing
due to NULL pointer dereference in function br_handle_frame when we
reconfigure the bridge, because function br_port_get_rcu returns NULL.
It is very hard for us to replicate this issue, because it happens about
once per month in our testing environment, but I have created the
attached patch. Can you please check it? The latest kernel seems to be
affected too.
Best regards
Tomas
diff --exclude CVS --exclude .git -uNr linux-3.12.10/net/bridge/br_input.c
linux-3.12.10.modified/net/bridge/br_input.c
--- linux-3.12.10/net/bridge/br_input.c 2014-03-31 03:41:44.000000000 +0200
+++ linux-3.12.10.modified/net/bridge/br_input.c 2019-02-15
10:51:23.376424560 +0100
@@ -174,6 +174,8 @@
return RX_HANDLER_CONSUMED;
p = br_port_get_rcu(skb->dev);
+ if (!p)
+ return RX_HANDLER_PASS;
if (unlikely(is_link_local_ether_addr(dest))) {
/*
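Review bot: The added `if (!p)` test after `p = br_port_get_rcu(skb->dev);` should be `if (unlikely(!p))`, matching the `unlikely(is_link_local_ether_addr(dest))` test on the next line, since the report puts this path at about once a month. Please also add a one-line comment saying the port can be missing while the bridge is being reconfigured, so the check is not later removed as dead code. The choice of `RX_HANDLER_PASS` needs a justification in the changelog: it lets the frame continue up the stack as if no rx handler were attached, while the return just above consumes the skb. If frames arriving on a port that is being torn down should not reach the local stack, freeing the skb and returning `RX_HANDLER_CONSUMED` would be the alternative. As posted, the patch has no Signed-off-by line, and the `+++` header is wrapped across two lines, so it will not apply without being resent unwrapped.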