summaryrefslogtreecommitdiffstats
path: root/net/tipc/msg.c
diff options
context:
space:
mode:
authorJon Paul Maloy <jon.maloy@ericsson.com>2015-03-27 15:19:19 +0100
committerDavid S. Miller <davem@davemloft.net>2015-03-29 22:47:36 +0200
commitd482994fca82380912b3a80201b74d5118ff0487 (patch)
tree42831f6ce50ea0c79fe958d71d9ec5fd02b51121 /net/tipc/msg.c
parentMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsh... (diff)
downloadlinux-d482994fca82380912b3a80201b74d5118ff0487.tar.xz
linux-d482994fca82380912b3a80201b74d5118ff0487.zip
tipc: fix two bugs in secondary destination lookup
A message sent to a node after a successful name table lookup may still find that the destination socket has disappeared, because distribution of name table updates is non-atomic. If so, the message will be rejected back to the sender with error code TIPC_ERR_NO_PORT. If the source socket of the message has disappeared in the meantime, the message should be dropped. However, in the currrent code, the message will instead be subject to an unwanted tertiary lookup, because the function tipc_msg_lookup_dest() doesn't check if there is an error code present in the message before performing the lookup. In the worst case, the message may now find the old destination again, and be redirected once more, instead of being dropped directly as it should be. A second bug in this function is that the "prev_node" field in the message is not updated after successful lookup, something that may have unpredictable consequences. The problems arising from those bugs occur very infrequently. The third change in this function; the test on msg_reroute_msg_cnt() is purely cosmetic, reflecting that the returned value never can be negative. This commit corrects the two bugs described above. Signed-off-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tipc/msg.c')
-rw-r--r--net/tipc/msg.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 0c6dad8180a0..3bb499c61918 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -511,15 +511,18 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb,
{
struct tipc_msg *msg = buf_msg(skb);
u32 dport;
+ u32 own_addr = tipc_own_addr(net);
if (!msg_isdata(msg))
return false;
if (!msg_named(msg))
return false;
+ if (msg_errcode(msg))
+ return false;
*err = -TIPC_ERR_NO_NAME;
if (skb_linearize(skb))
return false;
- if (msg_reroute_cnt(msg) > 0)
+ if (msg_reroute_cnt(msg))
return false;
*dnode = addr_domain(net, msg_lookup_scope(msg));
dport = tipc_nametbl_translate(net, msg_nametype(msg),
@@ -527,6 +530,8 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb,
if (!dport)
return false;
msg_incr_reroute_cnt(msg);
+ if (*dnode != own_addr)
+ msg_set_prevnode(msg, own_addr);
msg_set_destnode(msg, *dnode);
msg_set_destport(msg, dport);
*err = TIPC_OK;