From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Thu, 1 Oct 2009 20:42:45 +0000 (-0700)
Subject: .27 patch
X-Git-Tag: v2.6.27.36~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef101263012efddd0b655632d815ef411686557c;p=thirdparty%2Fkernel%2Fstable-queue.git

.27 patch
---

diff --git a/queue-2.6.27/netfilter-bridge-refcount-fix.patch b/queue-2.6.27/netfilter-bridge-refcount-fix.patch
new file mode 100644
index 00000000000..1c0f9b4e3a2
--- /dev/null
+++ b/queue-2.6.27/netfilter-bridge-refcount-fix.patch
@@ -0,0 +1,42 @@
+From kaber@trash.net  Thu Oct  1 13:35:28 2009
+From: Patrick McHardy <kaber@trash.net>
+Date: Thu, 17 Sep 2009 13:58:29 +0200 (MEST)
+Subject: netfilter: bridge: refcount fix
+To: stable@kernel.org
+Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Message-ID: <20090917115827.12728.41214.sendpatchset@x2.localnet>
+
+
+From: Patrick McHardy <kaber@trash.net>
+
+netfilter: bridge: refcount fix
+
+Upstream commit f3abc9b9:
+
+commit f216f082b2b37c4943f1e7c393e2786648d48f6f
+([NETFILTER]: bridge netfilter: deal with martians correctly)
+added a refcount leak on in_dev.
+
+Instead of using in_dev_get(), we can use __in_dev_get_rcu(),
+as netfilter hooks are running under rcu_read_lock(), as pointed
+by Patrick.
+
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/bridge/br_netfilter.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/bridge/br_netfilter.c
++++ b/net/bridge/br_netfilter.c
+@@ -358,7 +358,7 @@ static int br_nf_pre_routing_finish(stru
+ 				},
+ 				.proto = 0,
+ 			};
+-			struct in_device *in_dev = in_dev_get(dev);
++			struct in_device *in_dev = __in_dev_get_rcu(dev);
+ 
+ 			/* If err equals -EHOSTUNREACH the error is due to a
+ 			 * martian destination or due to the fact that
diff --git a/queue-2.6.27/series b/queue-2.6.27/series
index 4e183873859..a62f2ebf582 100644
--- a/queue-2.6.27/series
+++ b/queue-2.6.27/series
@@ -5,3 +5,4 @@ pcnet_cs-fix-misuse-of-the-equality-operator.patch
 fix-incorrect-stable-backport-to-bas_gigaset.patch
 net-ax25-fix-signed-comparison-in-the-sockopt-handler.patch
 net-make-the-copy-length-in-af_packet-sockopt-handler-unsigned.patch
+netfilter-bridge-refcount-fix.patch