netdev
[Top] [All Lists]

[PATCH] XFRM policy expire

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: [PATCH] XFRM policy expire
From: Michal Ludvig <mludvig@xxxxxxx>
Date: Tue, 24 Feb 2004 10:09:46 +0100
Cc: netdev@xxxxxxxxxxx
Organization: SuSE CR, s.r.o.
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.6) Gecko/20040113
Hi,

the attached patch fixes a bug in xfrm_send_policy_notify(). The space allocated in skb must include 'sizeof(struct xfrm_user_polexpire)', not 'sizeof(struct xfrm_userpolicy_info)' which is shorter. On ia32 it worked, probably because of some space gained from aligning. Unfortunately on amd64 it didn't and finally led to BUG() & kernel hangup.

Please apply.

BTW The second patch attached does some obvious cleanup: replaces RTA_ALIGN(RTA_LENGTH(x)) with RTA_SPACE(x) and ditto for NLMSG_*() macros. Apply on top of the first one or drop it. It's up to you.

Michal Ludvig
--
SUSE Labs                    mludvig@xxxxxxx | Cray is the only computer
(+420) 296.545.373        http://www.suse.cz | that runs an endless loop
Personal homepage http://www.logix.cz/michal | in just four hours.
diff -rup linux-2.6.2.vanilla/net/xfrm/xfrm_user.c 
linux-2.6.2/net/xfrm/xfrm_user.c
--- linux-2.6.2.vanilla/net/xfrm/xfrm_user.c    2004-02-04 04:43:56.000000000 
+0100
+++ linux-2.6.2/net/xfrm/xfrm_user.c    2004-02-24 09:47:42.325888560 +0100
@@ -1153,7 +1153,7 @@ static int xfrm_send_policy_notify(struc
 
        len = sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr;
        len = RTA_ALIGN(RTA_LENGTH(len));
-       len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)));
+       len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_polexpire)));
        skb = alloc_skb(len, GFP_ATOMIC);
        if (skb == NULL)
                return -ENOMEM;
diff -rup linux-2.6.2.vanilla/net/xfrm/xfrm_user.c 
linux-2.6.2/net/xfrm/xfrm_user.c
--- linux-2.6.2.vanilla/net/xfrm/xfrm_user.c    2004-02-04 04:43:56.000000000 
+0100
+++ linux-2.6.2/net/xfrm/xfrm_user.c    2004-02-24 10:09:37.839560352 +0100
@@ -1052,9 +1052,8 @@ static int xfrm_send_acquire(struct xfrm
        struct sk_buff *skb;
        size_t len;
 
-       len = RTA_LENGTH(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
-       len = RTA_ALIGN(len);
-       len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_acquire)));
+       len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
+       len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire));
        skb = alloc_skb(len, GFP_ATOMIC);
        if (skb == NULL)
                return -ENOMEM;
@@ -1151,9 +1150,8 @@ static int xfrm_send_policy_notify(struc
        struct sk_buff *skb;
        size_t len;
 
-       len = sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr;
-       len = RTA_ALIGN(RTA_LENGTH(len));
-       len += NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_polexpire)));
+       len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
+       len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire));
        skb = alloc_skb(len, GFP_ATOMIC);
        if (skb == NULL)
                return -ENOMEM;
<Prev in Thread] Current Thread [Next in Thread>