Message-ID: <4ACEA207.7010208@np.css.fujitsu.com>
Date: Fri, 09 Oct 2009 11:37:59 +0900
From: Jin Dongming
To: LKLM
Cc: Cosmin Ratiu, Octavian Purdila, "David S. Miller", Kenji Kaneshige, Hidetoshi Seto
Subject: [Patch-next] Fix the size overflow of addrconf_sysctl array
X-Mailing-List: linux-kernel@vger.kernel.org

(This patch fixes a bug in commit f7734fdf61ec6bb848e0bafc1fb8bad2c124bb50
 titled "make TLLAO option for NA packets configurable")

When the IPV6 conf is used, the function sysctl_set_parent is called and the
array addrconf_sysctl is used as a parameter of the function.

The above patch added a new conf "force_tllao" into the array addrconf_sysctl,
but the size of the array was not modified: the statically allocated size is
DEVCONF_MAX + 1 but the real size is DEVCONF_MAX + 2, so the problem is
that the function sysctl_set_parent accessed a wrong address.

I got the following information.

Call Trace:
 [] sysctl_set_parent+0x29/0x3e
 [] sysctl_set_parent+0x29/0x3e
 [] sysctl_set_parent+0x29/0x3e
 [] sysctl_set_parent+0x29/0x3e
 [] sysctl_set_parent+0x29/0x3e
 [] __register_sysctl_paths+0xde/0x272
 [] ? __kmalloc_track_caller+0x16e/0x180
 [] ? __addrconf_sysctl_register+0xc5/0x144 [ipv6]
 [] register_net_sysctl_table+0x48/0x4b
 [] __addrconf_sysctl_register+0xf7/0x144 [ipv6]
 [] addrconf_init_net+0xd4/0x104 [ipv6]
 [] setup_net+0x35/0x82
 [] copy_net_ns+0x76/0xe0
 [] create_new_namespaces+0xf0/0x16e
 [] copy_namespaces+0x65/0x9f
 [] copy_process+0xb2c/0x12c3
 [] do_fork+0x14b/0x2d2
 [] ? up_read+0xe/0x10
 [] ? do_page_fault+0x27a/0x2aa
 [] sys_clone+0x28/0x2a
 [] stub_clone+0x13/0x20
 [] ? system_call_fastpath+0x16/0x1b

And the information of IPV6 in .config is as follows.
IPV6 in .config: CONFIG_IPV6=m CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_IPV6_MIP6=m CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y CONFIG_IPV6_PIMSM_V2=y # CONFIG_IP_VS_IPV6 is not set CONFIG_NF_CONNTRACK_IPV6=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m I confirmed this patch fixes this problem. Signed-off-by: Jin Dongming --- include/linux/ipv6.h | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index ae74ede..5640425 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -208,6 +208,7 @@ enum { DEVCONF_MC_FORWARDING, DEVCONF_DISABLE_IPV6, DEVCONF_ACCEPT_DAD, + DEVCONF_FORCE_TLLAO, DEVCONF_MAX }; -- 1.6.2.2
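Review bot: the diffstat shows only include/linux/ipv6.h changing, so the array bound is corrected purely as a side effect of DEVCONF_MAX growing by one after the new DEVCONF_FORCE_TLLAO line. Nothing in this hunk keeps the number of addrconf_sysctl entries and DEVCONF_MAX + 1 in step, so the next added conf can reintroduce the same out-of-bounds walk in sysctl_set_parent. Consider a build-time check of the table's entry count against DEVCONF_MAX + 1, and state in the changelog whether the force_tllao entry and any per-index users of the DEVCONF_* values are expected to reference DEVCONF_FORCE_TLLAO, since this patch adds the enumerator without a user.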
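The failure described in the message, as an added example that is not part of the original post or the kernel source: a terminator-ended table whose length is tied to its enum at build time, with a bounded walker that reports a missing terminator instead of reading past the array. All `demo_` names are hypothetical, and the sketch assumes the table walker stops at an empty terminating entry.

```c
#include <stddef.h>

/* Constructed stand-ins for illustration; not the kernel's definitions. */
enum { DEMO_FORWARDING, DEMO_ACCEPT_DAD, DEMO_FORCE_TLLAO, DEMO_MAX };

struct demo_entry {
    const char *name;   /* NULL marks the terminating entry */
    int index;          /* enum slot this entry exposes */
};

/* Unsized array: the compiler counts the initializers, so the
 * terminator can never be silently dropped as an excess element. */
static const struct demo_entry demo_vars[] = {
    { "forwarding",  DEMO_FORWARDING },
    { "accept_dad",  DEMO_ACCEPT_DAD },
    { "force_tllao", DEMO_FORCE_TLLAO },
    { NULL, 0 },
};

#define DEMO_COUNT (sizeof(demo_vars) / sizeof(demo_vars[0]))

/* Build fails if an entry is added without a matching enum value. */
_Static_assert(DEMO_COUNT == DEMO_MAX + 1,
               "demo_vars needs one entry per enum value plus a terminator");

/* Count entries up to the terminator, never reading past cap slots.
 * Returns -1 when no terminator exists inside the table, which is the
 * state a one-slot-short array leaves behind. */
static int demo_count_entries(const struct demo_entry *table, size_t cap)
{
    for (size_t i = 0; i < cap; i++) {
        if (table[i].name == NULL)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    /* Full table: terminator found after three entries. */
    if (demo_count_entries(demo_vars, DEMO_COUNT) != 3)
        return 1;
    /* Constructed failure case: same table truncated by one slot. */
    return demo_count_entries(demo_vars, DEMO_COUNT - 1) == -1 ? 0 : 1;
}
```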