From: Nikolay Aleksandrov <[email protected]> Date: Mon, 12 Oct 2015 17:55:55 +0200
> From: Nikolay Aleksandrov <[email protected]> > > commit c62987bbd8a1 ("bridge: push bridge setting ageing_time down to > switchdev") introduced a timer race condition because the gc_timer can > get rearmed after it's supposedly stopped and flushed in br_dev_delete() > leading to a use of freed memory. So take rtnl to sync with bridge > destruction when setting ageing_timer. > Here's the trace reproduced with these two commands running in parallel: > while :; do echo 10000 > /sys/class/net/br0/bridge/ageing_timer; done; > while :; do brctl addbr br0; ip l set br0 up; ip l set br0 down; > brctl delbr br0; done; ... > Fixes: c62987bbd8a1 ("bridge: push bridge setting ageing_time down to > switchdev") > Signed-off-by: Nikolay Aleksandrov <[email protected]> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
