1. 26 4月, 2007 25 次提交
  2. 25 4月, 2007 2 次提交
  3. 14 4月, 2007 1 次提交
  4. 07 4月, 2007 1 次提交
  5. 05 4月, 2007 1 次提交
  6. 03 4月, 2007 1 次提交
    • Y
      [IPv6]: Fix incorrect length check in rawv6_sendmsg() · b59e139b
      YOSHIFUJI Hideaki 提交于
      In article <20070329.142644.70222545.davem@davemloft.net> (at Thu, 29 Mar 2007 14:26:44 -0700 (PDT)), David Miller <davem@davemloft.net> says:
      
      > From: Sridhar Samudrala <sri@us.ibm.com>
      > Date: Thu, 29 Mar 2007 14:17:28 -0700
      >
      > > The check for length in rawv6_sendmsg() is incorrect.
      > > As len is an unsigned int, (len < 0) will never be TRUE.
      > > I think checking for IPV6_MAXPLEN(65535) is better.
      > >
      > > Is it possible to send ipv6 jumbo packets using raw
      > > sockets? If so, we can remove this check.
      >
      > I don't see why such a limitation against jumbo would exist,
      > does anyone else?
      >
      > Thanks for catching this Sridhar.  A good compiler should simply
      > fail to compile "if (x < 0)" when 'x' is an unsigned type, don't
      > you think :-)
      
      Dave, we use "int" for returning value,
      so we should fix this anyway, IMHO;
      we should not allow len > INT_MAX.
      Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Acked-by: NSridhar Samudrala <sri@us.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b59e139b
  7. 28 3月, 2007 1 次提交
  8. 26 3月, 2007 2 次提交
    • D
      [IPV6]: Fix routing round-robin locking. · f11e6659
      David S. Miller 提交于
      As per RFC2461, section 6.3.6, item #2, when no routers on the
      matching list are known to be reachable or probably reachable we
      do round robin on those available routes so that we make sure
      to probe as many of them as possible to detect when one becomes
      reachable faster.
      
      Each routing table has a rwlock protecting the tree and the linked
      list of routes at each leaf.  The round robin code executes during
      lookup and thus with the rwlock taken as a reader.  A small local
      spinlock tries to provide protection but this does not work at all
      for two reasons:
      
      1) The round-robin list manipulation, as coded, goes like this (with
         read lock held):
      
      	walk routes finding head and tail
      
      	spin_lock();
      	rotate list using head and tail
      	spin_unlock();
      
         While one thread is rotating the list, another thread can
         end up with stale values of head and tail and then proceed
         to corrupt the list when it gets the lock.  This ends up causing
         the OOPS in fib6_add() later onthat many people have been hitting.
      
      2) All the other code paths that run with the rwlock held as
         a reader do not expect the list to change on them, they
         expect it to remain completely fixed while they hold the
         lock in that way.
      
      So, simply stated, it is impossible to implement this correctly using
      a manipulation of the list without violating the rwlock locking
      semantics.
      
      Reimplement using a per-fib6_node round-robin pointer.  This way we
      don't need to manipulate the list at all, and since the round-robin
      pointer can only ever point to real existing entries we don't need
      to perform any locking on the changing of the round-robin pointer
      itself.  We only need to reset the round-robin pointer to NULL when
      the entry it is pointing to is removed.
      
      The idea is from Thomas Graf and it is very similar to how this
      was implemented before the advanced router selection code when in.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f11e6659
    • T
      [NET]: Fix fib_rules compatibility breakage · e1701c68
      Thomas Graf 提交于
      Based upon a patch from Patrick McHardy.
      
      The fib_rules netlink attribute policy introduced in 2.6.19 broke
      userspace compatibilty. When specifying a rule with "from all"
      or "to all", iproute adds a zero byte long netlink attribute,
      but the policy requires all addresses to have a size equal to
      sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
      validation error.
      
      Check attribute length of FRA_SRC/FRA_DST in the generic framework
      by letting the family specific rules implementation provide the
      length of an address. Report an error if address length is non
      zero but no address attribute is provided. Fix actual bug by
      checking address length for non-zero instead of relying on
      availability of attribute.
      Signed-off-by: NThomas Graf <tgraf@suug.ch>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e1701c68
  9. 23 3月, 2007 1 次提交
  10. 17 3月, 2007 1 次提交
  11. 10 3月, 2007 2 次提交
  12. 08 3月, 2007 2 次提交