Commit 67378563 authored by David Ward's avatar David Ward Committed by David S. Miller

net/garp: avoid infinite loop if attribute already exists

An infinite loop occurred if garp_attr_create was called with the values
of an existing attribute. This might happen if a previous leave request
for the attribute has not yet been followed by a PDU transmission (or,
if the application previously issued a join request for the attribute
and is now issuing another one, without having issued a leave request).

If garp_attr_create finds an existing attribute having the same values,
return the address to it. Its state will then get updated (i.e., if it
was in a leaving state, it will move into a non-leaving state and not
get deleted during the next PDU transmission).

To accomplish this fix, collapse garp_attr_insert into garp_attr_create
(which is its only caller).

Thanks to Jorge Boncompte [DTI2] <jorge@dti2.net> for contributing to
this fix.
Signed-off-by: default avatarDavid Ward <david.ward@ll.mit.edu>
Acked-by: default avatarJorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 54f5ffbf
...@@ -167,7 +167,8 @@ static struct garp_attr *garp_attr_lookup(const struct garp_applicant *app, ...@@ -167,7 +167,8 @@ static struct garp_attr *garp_attr_lookup(const struct garp_applicant *app,
return NULL; return NULL;
} }
static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new) static struct garp_attr *garp_attr_create(struct garp_applicant *app,
const void *data, u8 len, u8 type)
{ {
struct rb_node *parent = NULL, **p = &app->gid.rb_node; struct rb_node *parent = NULL, **p = &app->gid.rb_node;
struct garp_attr *attr; struct garp_attr *attr;
...@@ -176,21 +177,16 @@ static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new) ...@@ -176,21 +177,16 @@ static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new)
while (*p) { while (*p) {
parent = *p; parent = *p;
attr = rb_entry(parent, struct garp_attr, node); attr = rb_entry(parent, struct garp_attr, node);
d = garp_attr_cmp(attr, new->data, new->dlen, new->type); d = garp_attr_cmp(attr, data, len, type);
if (d < 0) if (d < 0)
p = &parent->rb_left; p = &parent->rb_left;
else if (d > 0) else if (d > 0)
p = &parent->rb_right; p = &parent->rb_right;
else {
/* The attribute already exists; re-use it. */
return attr;
}
} }
rb_link_node(&new->node, parent, p);
rb_insert_color(&new->node, &app->gid);
}
static struct garp_attr *garp_attr_create(struct garp_applicant *app,
const void *data, u8 len, u8 type)
{
struct garp_attr *attr;
attr = kmalloc(sizeof(*attr) + len, GFP_ATOMIC); attr = kmalloc(sizeof(*attr) + len, GFP_ATOMIC);
if (!attr) if (!attr)
return attr; return attr;
...@@ -198,7 +194,9 @@ static struct garp_attr *garp_attr_create(struct garp_applicant *app, ...@@ -198,7 +194,9 @@ static struct garp_attr *garp_attr_create(struct garp_applicant *app,
attr->type = type; attr->type = type;
attr->dlen = len; attr->dlen = len;
memcpy(attr->data, data, len); memcpy(attr->data, data, len);
garp_attr_insert(app, attr);
rb_link_node(&attr->node, parent, p);
rb_insert_color(&attr->node, &app->gid);
return attr; return attr;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment