
Contents of /genpatches-2.6/trunk/2.6.14/1459_15.5_netlink-severe-bug.patch



Revision 328 - (show annotations) (download) (as text)
Tue Mar 14 13:34:17 2006 UTC (14 years, 8 months ago) by johnm
File MIME type: text/x-diff
File size: 3029 byte(s)
2.6.14-11, rebase against local tree
1 From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
2 Date: Mon, 27 Feb 2006 08:28:32 +0000 (-0800)
3 Subject: [PATCH] Fix a severe bug
4 X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.15.y.git;a=commitdiff;h=9809ee9916825087a8729af4713ae9b555917ad5
5
6 [PATCH] Fix a severe bug
7
8 netlink overrun was broken while improvement of netlink.
9 Destination socket is used in the place where it was meant to be source socket,
10 so that now overrun is never sent to user netlink sockets, when it should be,
11 and it even can be set on kernel socket, which results in complete deadlock
12 of rtnetlink.
13
14 Suggested fix is to restore status quo passing source socket as additional
15 argument to netlink_attachskb().
16
17 A little explanation: overrun is set on a socket, when it failed
18 to receive some message and sender of this messages does not or even
19 have no way to handle this error. This happens in two cases:
20 1. when kernel sends something. Kernel never retransmits and cannot
21 wait for buffer space.
22 2. when user sends a broadcast and the message was not delivered
23 to some recipients.
24
25 Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
26 Signed-off-by: David S. Miller <davem@davemloft.net>
27 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
28 ---
29
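--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -160,7 +160,8 @@ extern int netlink_unregister_notifier(s
 
 /* finegrained unicast helpers: */
 struct sock *netlink_getsockbyfilp(struct file *filp);
-int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock, long timeo);
+int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
+ long timeo, struct sock *ssk);
 void netlink_detachskb(struct sock *sk, struct sk_buff *skb);
 int netlink_sendskb(struct sock *sk, struct sk_buff *skb, int protocol);
 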
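--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -1017,7 +1017,8 @@ retry:
 goto out;
 }
 
- ret = netlink_attachskb(sock, nc, 0, MAX_SCHEDULE_TIMEOUT);
+ ret = netlink_attachskb(sock, nc, 0,
+ MAX_SCHEDULE_TIMEOUT, NULL);
 if (ret == 1)
 goto retry;
 if (ret) {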
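Review bot: The bare `NULL` added as the fifth argument of this call gives no hint of what it stands for. In the visible af_netlink.c hunk, `ssk` is read only inside the `!timeo` branch, where NULL is treated like a kernel sender, so a short comment above the call would record the intent: `/* no sending netlink socket: the notification is generated by the kernel */`. The enclosing function starts and ends outside this hunk.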
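--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -701,7 +701,8 @@ struct sock *netlink_getsockbyfilp(struc
 * 0: continue
 * 1: repeat lookup - reference dropped while waiting for socket memory.
 */
-int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock, long timeo)
+int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
+ long timeo, struct sock *ssk)
 {
 struct netlink_sock *nlk;
 
@@ -711,7 +712,7 @@ int netlink_attachskb(struct sock *sk, s
 test_bit(0, &nlk->state)) {
 DECLARE_WAITQUEUE(wait, current);
 if (!timeo) {
- if (!nlk->pid)
+ if (!ssk || nlk_sk(ssk)->pid == 0)
 netlink_overrun(sk);
 sock_put(sk);
 kfree_skb(skb);
@@ -796,7 +797,7 @@ retry:
 kfree_skb(skb);
 return PTR_ERR(sk);
 }
- err = netlink_attachskb(sk, skb, nonblock, timeo);
+ err = netlink_attachskb(sk, skb, nonblock, timeo, ssk);
 if (err == 1)
 goto retry;
 if (err)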
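Review bot: The comment block above netlink_attachskb() in the first hunk still lists only the return values and says nothing about the new `ssk` argument, even though the second hunk makes it decide whether `netlink_overrun(sk)` is raised on the destination. I would add a line to that comment: `* ssk: sending netlink socket, or NULL when the message originates in the kernel; must be a netlink sock because it is passed to nlk_sk()`. The last clause matters because the function is declared in include/linux/netlink.h and already has a caller outside net/netlink (ipc/mqueue.c). nlk_sk() presumably converts the pointer without checking the socket family, so a non-netlink `struct sock` passed here would have unrelated memory read as `pid`. The comment block and the function body both extend outside the visible hunks.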
