author | David Ward <david.ward@ll.mit.edu> | 2012-03-27 05:01:52 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-04-01 16:47:11 -0400 |
commit | 67378563df2e168d32a4054616f244a91aec462d (patch) | |
tree | ef7a14168f63eedbdcfdc0f3345d48dc21cbd352 /net/802 | |
parent | 54f5ffbf308828b588b9d1acd9a512d433be8a09 (diff) |
net/garp: avoid infinite loop if attribute already exists
An infinite loop occurred if garp_attr_create was called with the values
of an existing attribute. This might happen if a previous leave request
for the attribute has not yet been followed by a PDU transmission (or,
if the application previously issued a join request for the attribute
and is now issuing another one, without having issued a leave request).
If garp_attr_create finds an existing attribute having the same values,
return the address to it. Its state will then get updated (i.e., if it
was in a leaving state, it will move into a non-leaving state and not
get deleted during the next PDU transmission).
To accomplish this fix, collapse garp_attr_insert into garp_attr_create
(which is its only caller).
Thanks to Jorge Boncompte [DTI2] <jorge@dti2.net> for contributing to
this fix.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/802')
-rw-r--r-- | net/802/garp.c | 22 |
1 files changed, 10 insertions, 12 deletions
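--- a/net/802/garp.c
+++ b/net/802/garp.c
@@ -167,7 +167,8 @@ static struct garp_attr *garp_attr_lookup(const struct garp_applicant *app,
 return NULL;
 }
 
-static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new)
+static struct garp_attr *garp_attr_create(struct garp_applicant *app,
+const void *data, u8 len, u8 type)
 {
 struct rb_node *parent = NULL, **p = &app->gid.rb_node;
 struct garp_attr *attr;
@@ -176,21 +177,16 @@ static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new)
 while (*p) {
 parent = *p;
 attr = rb_entry(parent, struct garp_attr, node);
-d = garp_attr_cmp(attr, new->data, new->dlen, new->type);
+d = garp_attr_cmp(attr, data, len, type);
 if (d < 0)
 p = &parent->rb_left;
 else if (d > 0)
 p = &parent->rb_right;
+else {
+/* The attribute already exists; re-use it. */
+return attr;
+}
 }
-rb_link_node(&new->node, parent, p);
-rb_insert_color(&new->node, &app->gid);
-}
-
-static struct garp_attr *garp_attr_create(struct garp_applicant *app,
-const void *data, u8 len, u8 type)
-{
-struct garp_attr *attr;
-
 attr = kmalloc(sizeof(*attr) + len, GFP_ATOMIC);
 if (!attr)
 return attr;
@@ -198,7 +194,9 @@ static struct garp_attr *garp_attr_create(struct garp_applicant *app,
 attr->type = type;
 attr->dlen = len;
 memcpy(attr->data, data, len);
-garp_attr_insert(app, attr);
+
+rb_link_node(&attr->node, parent, p);
+rb_insert_color(&attr->node, &app->gid);
 return attr;
 }
 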
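Review bot: garp_attr_create is now a lookup-or-create function, because the new `else` branch in the `while (*p)` walk returns a node that is already linked into `app->gid`, but neither the name nor any comment tells a caller that the pointer may not be a fresh allocation. A comment above the definition would pin the contract down, for example `/* Returns the attribute already in app->gid if type/data match, else a newly inserted one; NULL if allocation fails. */`. The callers are outside the visible hunks, so it is worth confirming that none of them frees or re-initialises the returned attribute on the assumption that it is new, since that would corrupt the tree. As a style point, once the `else` carries braces, kernel coding style expects them on `if (d < 0)` and `else if (d > 0)` as well, and `return NULL;` would read more clearly than `return attr;` after the failed `kmalloc`. A few lines of the function body fall between the hunks and are not shown.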