aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Ward <david.ward@ll.mit.edu>2012-03-27 05:01:52 -0400
committerDavid S. Miller <davem@davemloft.net>2012-04-01 16:47:11 -0400
commit67378563df2e168d32a4054616f244a91aec462d (patch)
treeef7a14168f63eedbdcfdc0f3345d48dc21cbd352
parent54f5ffbf308828b588b9d1acd9a512d433be8a09 (diff)
net/garp: avoid infinite loop if attribute already exists
An infinite loop occurred if garp_attr_create was called with the values of an existing attribute. This might happen if a previous leave request for the attribute has not yet been followed by a PDU transmission (or, if the application previously issued a join request for the attribute and is now issuing another one, without having issued a leave request). If garp_attr_create finds an existing attribute having the same values, return the address to it. Its state will then get updated (i.e., if it was in a leaving state, it will move into a non-leaving state and not get deleted during the next PDU transmission). To accomplish this fix, collapse garp_attr_insert into garp_attr_create (which is its only caller). Thanks to Jorge Boncompte [DTI2] <jorge@dti2.net> for contributing to this fix. Signed-off-by: David Ward <david.ward@ll.mit.edu> Acked-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/802/garp.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/net/802/garp.c b/net/802/garp.c
index 8e21b6db3981..a5c224830439 100644
--- a/net/802/garp.c
+++ b/net/802/garp.c
@@ -167,7 +167,8 @@ static struct garp_attr *garp_attr_lookup(const struct garp_applicant *app,
167 return NULL; 167 return NULL;
168} 168}
169 169
170static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new) 170static struct garp_attr *garp_attr_create(struct garp_applicant *app,
171 const void *data, u8 len, u8 type)
171{ 172{
172 struct rb_node *parent = NULL, **p = &app->gid.rb_node; 173 struct rb_node *parent = NULL, **p = &app->gid.rb_node;
173 struct garp_attr *attr; 174 struct garp_attr *attr;
@@ -176,21 +177,16 @@ static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new)
176 while (*p) { 177 while (*p) {
177 parent = *p; 178 parent = *p;
178 attr = rb_entry(parent, struct garp_attr, node); 179 attr = rb_entry(parent, struct garp_attr, node);
179 d = garp_attr_cmp(attr, new->data, new->dlen, new->type); 180 d = garp_attr_cmp(attr, data, len, type);
180 if (d < 0) 181 if (d < 0)
181 p = &parent->rb_left; 182 p = &parent->rb_left;
182 else if (d > 0) 183 else if (d > 0)
183 p = &parent->rb_right; 184 p = &parent->rb_right;
185 else {
186 /* The attribute already exists; re-use it. */
187 return attr;
188 }
184 } 189 }
185 rb_link_node(&new->node, parent, p);
186 rb_insert_color(&new->node, &app->gid);
187}
188
189static struct garp_attr *garp_attr_create(struct garp_applicant *app,
190 const void *data, u8 len, u8 type)
191{
192 struct garp_attr *attr;
193
194 attr = kmalloc(sizeof(*attr) + len, GFP_ATOMIC); 190 attr = kmalloc(sizeof(*attr) + len, GFP_ATOMIC);
195 if (!attr) 191 if (!attr)
196 return attr; 192 return attr;
@@ -198,7 +194,9 @@ static struct garp_attr *garp_attr_create(struct garp_applicant *app,
198 attr->type = type; 194 attr->type = type;
199 attr->dlen = len; 195 attr->dlen = len;
200 memcpy(attr->data, data, len); 196 memcpy(attr->data, data, len);
201 garp_attr_insert(app, attr); 197
198 rb_link_node(&attr->node, parent, p);
199 rb_insert_color(&attr->node, &app->gid);
202 return attr; 200 return attr;
203} 201}
204 202