aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJin Dongming <jin.dongming@np.css.fujitsu.com>2009-10-09 01:44:47 -0400
committerDavid S. Miller <davem@davemloft.net>2009-10-09 01:44:47 -0400
commite0e6f55d298af03ab88bfe8455b671d29d78f426 (patch)
treee3642ba9fa3b38919fafaa6cfd0486dc86af6e8a
parent3758bf25db8caeec667e4e56e030da0ec3060529 (diff)
ipv6: Fix the size overflow of addrconf_sysctl array
(This patch fixes bug of commit f7734fdf61ec6bb848e0bafc1fb8bad2c124bb50 title "make TLLAO option for NA packets configurable") When the IPV6 conf is used, the function sysctl_set_parent is called and the array addrconf_sysctl is used as a parameter of the function. The above patch added new conf "force_tllao" into the array addrconf_sysctl, but the size of the array was not modified, the static allocated size is DEVCONF_MAX + 1 but the real size is DEVCONF_MAX + 2, so the problem is that the function sysctl_set_parent accessed wrong address. I got the following information. Call Trace: [<ffffffff8106085d>] sysctl_set_parent+0x29/0x3e [<ffffffff8106085d>] sysctl_set_parent+0x29/0x3e [<ffffffff8106085d>] sysctl_set_parent+0x29/0x3e [<ffffffff8106085d>] sysctl_set_parent+0x29/0x3e [<ffffffff8106085d>] sysctl_set_parent+0x29/0x3e [<ffffffff810622d5>] __register_sysctl_paths+0xde/0x272 [<ffffffff8110892d>] ? __kmalloc_track_caller+0x16e/0x180 [<ffffffffa00cfac3>] ? __addrconf_sysctl_register+0xc5/0x144 [ipv6] [<ffffffff8141f2c9>] register_net_sysctl_table+0x48/0x4b [<ffffffffa00cfaf5>] __addrconf_sysctl_register+0xf7/0x144 [ipv6] [<ffffffffa00cfc16>] addrconf_init_net+0xd4/0x104 [ipv6] [<ffffffff8139195f>] setup_net+0x35/0x82 [<ffffffff81391f6c>] copy_net_ns+0x76/0xe0 [<ffffffff8107ad60>] create_new_namespaces+0xf0/0x16e [<ffffffff8107afee>] copy_namespaces+0x65/0x9f [<ffffffff81056dff>] copy_process+0xb2c/0x12c3 [<ffffffff810576e1>] do_fork+0x14b/0x2d2 [<ffffffff8107ac4e>] ? up_read+0xe/0x10 [<ffffffff81438e73>] ? do_page_fault+0x27a/0x2aa [<ffffffff8101044b>] sys_clone+0x28/0x2a [<ffffffff81011fb3>] stub_clone+0x13/0x20 [<ffffffff81011c72>] ? system_call_fastpath+0x16/0x1b And the information of IPV6 in .config is as following. IPV6 in .config: CONFIG_IPV6=m CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_IPV6_MIP6=m CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y CONFIG_IPV6_PIMSM_V2=y # CONFIG_IP_VS_IPV6 is not set CONFIG_NF_CONNTRACK_IPV6=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m I confirmed this patch fixes this problem. Signed-off-by: Jin Dongming <jin.dongming@np.css.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/ipv6.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index ae74ede1abe7..56404251248c 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -208,6 +208,7 @@ enum {
208 DEVCONF_MC_FORWARDING, 208 DEVCONF_MC_FORWARDING,
209 DEVCONF_DISABLE_IPV6, 209 DEVCONF_DISABLE_IPV6,
210 DEVCONF_ACCEPT_DAD, 210 DEVCONF_ACCEPT_DAD,
211 DEVCONF_FORCE_TLLAO,
211 DEVCONF_MAX 212 DEVCONF_MAX
212}; 213};
213 214