[PATCH 0/3] TIPC updates

[PATCH 0/3] TIPC updates

[Per Liden]

This patch set includes three fixes/cleanups. Please see each individual 
patch for further description.

Please pull from:

 git://tipc.cslab.ericsson.net/pub/git/tipc.git

 (rebased on linux/kernel/git/davem/net-2.6.git)

Summary:

 net/tipc/core.c |    3 ++-
 net/tipc/link.c |   11 ++++++-----
 net/tipc/node.c |   26 +++++++++++++++++---------
 net/tipc/zone.h |    4 ++--
 4 files changed, 27 insertions(+), 17 deletions(-)

Allan Stephens:
      [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf
      [TIPC] Improve response to requests for node/link information
      [TIPC] Initial activation message now includes TIPC version number

/Per

[PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[Per Liden]

From: Allan Stephens <allan.stephens@windriver.com>

Now determines tailroom of bundle buffer by directly inspection of buffer.
Previously, buffer was assumed to have a max capacity equal to the link MTU,
but the addition of link MTU negotiation means that the link MTU can increase
after the bundle buffer is allocated.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Per Liden <per.liden@ericsson.com>
---
 net/tipc/link.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/net/tipc/link.c b/net/tipc/link.c
index d646580..c6831c7 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -2,7 +2,7 @@
  * net/tipc/link.c: TIPC link code
  * 
  * Copyright (c) 1996-2006, Ericsson AB
- * Copyright (c) 2004-2005, Wind River Systems
+ * Copyright (c) 2004-2006, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -988,17 +988,18 @@ static int link_bundle_buf(struct link *
 	struct tipc_msg *bundler_msg = buf_msg(bundler);
 	struct tipc_msg *msg = buf_msg(buf);
 	u32 size = msg_size(msg);
-	u32 to_pos = align(msg_size(bundler_msg));
-	u32 rest = link_max_pkt(l_ptr) - to_pos;
+	u32 bundle_size = msg_size(bundler_msg);
+	u32 to_pos = align(bundle_size);
+	u32 pad = to_pos - bundle_size;
 
 	if (msg_user(bundler_msg) != MSG_BUNDLER)
 		return 0;
 	if (msg_type(bundler_msg) != OPEN_MSG)
 		return 0;
-	if (rest < align(size))
+	if (skb_tailroom(bundler) < (pad + size))
 		return 0;
 
-	skb_put(bundler, (to_pos - msg_size(bundler_msg)) + size);
+	skb_put(bundler, pad + size);
 	memcpy(bundler->data + to_pos, buf->data, size);
 	msg_set_size(bundler_msg, to_pos + size);
 	msg_set_msgcnt(bundler_msg, msg_msgcnt(bundler_msg) + 1);
-- 
1.4.0

[PATCH 2/3] [TIPC] Improve response to requests for node/link information

[Per Liden]

From: Allan Stephens <allan.stephens@windriver.com>

Now allocates reply space for "get links" request based on number of actual
links, not number of potential links.  Also, limits reply to "get links" and
"get nodes" requests to 32KB to match capabilities of tipc-config utility
that issued request.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Per Liden <per.liden@ericsson.com>
---
 net/tipc/node.c |   26 +++++++++++++++++---------
 net/tipc/zone.h |    4 ++--
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/net/tipc/node.c b/net/tipc/node.c
index ce9678e..bf24168 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -2,7 +2,7 @@
  * net/tipc/node.c: TIPC node management routines
  * 
  * Copyright (c) 2000-2006, Ericsson AB
- * Copyright (c) 2005, Wind River Systems
+ * Copyright (c) 2005-2006, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -592,6 +592,7 @@ struct sk_buff *tipc_node_get_nodes(cons
 	struct sk_buff *buf;
 	struct node *n_ptr;
         struct tipc_node_info node_info;
+	u32 payload_size;
 
 	if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR))
 		return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR);
@@ -608,8 +609,11 @@ struct sk_buff *tipc_node_get_nodes(cons
 	/* For now, get space for all other nodes 
 	   (will need to modify this when slave nodes are supported */
 
-	buf = tipc_cfg_reply_alloc(TLV_SPACE(sizeof(node_info)) *
-				   (tipc_max_nodes - 1));
+	payload_size = TLV_SPACE(sizeof(node_info)) * (tipc_max_nodes - 1);
+	if (payload_size > 32768u)
+		return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
+						   " (too many nodes)");
+	buf = tipc_cfg_reply_alloc(payload_size);
 	if (!buf)
 		return NULL;
 
@@ -633,6 +637,7 @@ struct sk_buff *tipc_node_get_links(cons
 	struct sk_buff *buf;
 	struct node *n_ptr;
         struct tipc_link_info link_info;
+	u32 payload_size;
 
 	if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR))
 		return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR);
@@ -645,12 +650,15 @@ struct sk_buff *tipc_node_get_links(cons
 
         if (!tipc_nodes)
                 return tipc_cfg_reply_none();
-
-	/* For now, get space for 2 links to all other nodes + bcast link 
-	   (will need to modify this when slave nodes are supported */
-
-	buf = tipc_cfg_reply_alloc(TLV_SPACE(sizeof(link_info)) *
-				   (2 * (tipc_max_nodes - 1) + 1));
+	
+	/* Get space for all unicast links + multicast link */
+
+	payload_size = TLV_SPACE(sizeof(link_info)) *
+		(tipc_net.zones[tipc_zone(tipc_own_addr)]->links + 1);
+	if (payload_size > 32768u)
+		return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
+						   " (too many links)");
+	buf = tipc_cfg_reply_alloc(payload_size);
 	if (!buf)
 		return NULL;
 
diff --git a/net/tipc/zone.h b/net/tipc/zone.h
index 267999c..5ab3d08 100644
--- a/net/tipc/zone.h
+++ b/net/tipc/zone.h
@@ -2,7 +2,7 @@
  * net/tipc/zone.h: Include file for TIPC zone management routines
  * 
  * Copyright (c) 2000-2006, Ericsson AB
- * Copyright (c) 2005, Wind River Systems
+ * Copyright (c) 2005-2006, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45,7 +45,7 @@ #include "net.h"
  * struct _zone - TIPC zone structure
  * @addr: network address of zone
  * @clusters: array of pointers to all clusters within zone
- * @links: (used for inter-zone communication)
+ * @links: number of (unicast) links to zone
  */
  
 struct _zone {
-- 
1.4.0

[PATCH 3/3] [TIPC] Initial activation message now includes TIPC version number

[Per Liden]

From: Allan Stephens <allan.stephens@windriver.com>

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Per Liden <per.liden@ericsson.com>
---
 net/tipc/core.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/tipc/core.c b/net/tipc/core.c
index 5003acb..0539a83 100644
--- a/net/tipc/core.c
+++ b/net/tipc/core.c
@@ -191,7 +191,8 @@ static int __init tipc_init(void)
 	int res;
 
 	tipc_log_reinit(CONFIG_TIPC_LOG);
-	info("Activated (compiled " __DATE__ " " __TIME__ ")\n");
+	info("Activated (version " TIPC_MOD_VER 
+	     " compiled " __DATE__ " " __TIME__ ")\n");
 
 	tipc_own_addr = 0;
 	tipc_remote_management = 1;
-- 
1.4.0

Re: [PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[Per Liden]

A problem was found with this patch. The direct inspection of bundle 
buffer tailroom did not account for the possiblity of unrequested tailroom 
added by skb_alloc(), thereby allowing a bundle to be created that exceeds 
the current link MTU.

I'll resend this patch set with this issue resolved.

/Per

On Wed, 28 Jun 2006, Per Liden wrote:

> From: Allan Stephens <allan.stephens@windriver.com>
> 
> Now determines tailroom of bundle buffer by directly inspection of buffer.
> Previously, buffer was assumed to have a max capacity equal to the link MTU,
> but the addition of link MTU negotiation means that the link MTU can increase
> after the bundle buffer is allocated.
> 
> Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
> Signed-off-by: Per Liden <per.liden@ericsson.com>
> ---
>  net/tipc/link.c |   11 ++++++-----
>  1 files changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/net/tipc/link.c b/net/tipc/link.c
> index d646580..c6831c7 100644
> --- a/net/tipc/link.c
> +++ b/net/tipc/link.c
> @@ -2,7 +2,7 @@
>   * net/tipc/link.c: TIPC link code
>   * 
>   * Copyright (c) 1996-2006, Ericsson AB
> - * Copyright (c) 2004-2005, Wind River Systems
> + * Copyright (c) 2004-2006, Wind River Systems
>   * All rights reserved.
>   *
>   * Redistribution and use in source and binary forms, with or without
> @@ -988,17 +988,18 @@ static int link_bundle_buf(struct link *
>  	struct tipc_msg *bundler_msg = buf_msg(bundler);
>  	struct tipc_msg *msg = buf_msg(buf);
>  	u32 size = msg_size(msg);
> -	u32 to_pos = align(msg_size(bundler_msg));
> -	u32 rest = link_max_pkt(l_ptr) - to_pos;
> +	u32 bundle_size = msg_size(bundler_msg);
> +	u32 to_pos = align(bundle_size);
> +	u32 pad = to_pos - bundle_size;
>  
>  	if (msg_user(bundler_msg) != MSG_BUNDLER)
>  		return 0;
>  	if (msg_type(bundler_msg) != OPEN_MSG)
>  		return 0;
> -	if (rest < align(size))
> +	if (skb_tailroom(bundler) < (pad + size))
>  		return 0;
>  
> -	skb_put(bundler, (to_pos - msg_size(bundler_msg)) + size);
> +	skb_put(bundler, pad + size);
>  	memcpy(bundler->data + to_pos, buf->data, size);
>  	msg_set_size(bundler_msg, to_pos + size);
>  	msg_set_msgcnt(bundler_msg, msg_msgcnt(bundler_msg) + 1);
> -- 
> 1.4.0
> 
> -
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

[PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[Per Liden]

From: Allan Stephens <allan.stephens@windriver.com>

Now determines tailroom of bundle buffer by directly inspection of buffer.
Previously, buffer was assumed to have a max capacity equal to the link MTU,
but the addition of link MTU negotiation means that the link MTU can increase
after the bundle buffer is allocated.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Per Liden <per.liden@ericsson.com>
---
 net/tipc/core.h |    5 ++++-
 net/tipc/link.c |   13 ++++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/net/tipc/core.h b/net/tipc/core.h
index 86f54f3..762aac2 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -297,7 +297,10 @@ static inline struct tipc_msg *buf_msg(s
  * buf_acquire - creates a TIPC message buffer
  * @size: message size (including TIPC header)
  *
- * Returns a new buffer.  Space is reserved for a data link header.
+ * Returns a new buffer with data pointers set to the specified size.
+ * 
+ * NOTE: Headroom is reserved to allow prepending of a data link header.
+ *       There may also be unrequested tailroom present at the buffer's end.
  */
 
 static inline struct sk_buff *buf_acquire(u32 size)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index d646580..c10e18a 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -2,7 +2,7 @@
  * net/tipc/link.c: TIPC link code
  * 
  * Copyright (c) 1996-2006, Ericsson AB
- * Copyright (c) 2004-2005, Wind River Systems
+ * Copyright (c) 2004-2006, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -988,17 +988,20 @@ static int link_bundle_buf(struct link *
 	struct tipc_msg *bundler_msg = buf_msg(bundler);
 	struct tipc_msg *msg = buf_msg(buf);
 	u32 size = msg_size(msg);
-	u32 to_pos = align(msg_size(bundler_msg));
-	u32 rest = link_max_pkt(l_ptr) - to_pos;
+	u32 bundle_size = msg_size(bundler_msg);
+	u32 to_pos = align(bundle_size);
+	u32 pad = to_pos - bundle_size;
 
 	if (msg_user(bundler_msg) != MSG_BUNDLER)
 		return 0;
 	if (msg_type(bundler_msg) != OPEN_MSG)
 		return 0;
-	if (rest < align(size))
+	if (skb_tailroom(bundler) < (pad + size))
+		return 0;
+	if (link_max_pkt(l_ptr) < (to_pos + size))
 		return 0;
 
-	skb_put(bundler, (to_pos - msg_size(bundler_msg)) + size);
+	skb_put(bundler, pad + size);
 	memcpy(bundler->data + to_pos, buf->data, size);
 	msg_set_size(bundler_msg, to_pos + size);
 	msg_set_msgcnt(bundler_msg, msg_msgcnt(bundler_msg) + 1);
-- 
1.4.0

Re: [PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[David Miller]

From: Per Liden <per.liden@ericsson.com>
Date: Wed, 28 Jun 2006 14:07:50 +0200

> From: Allan Stephens <allan.stephens@windriver.com>
> 
> Now determines tailroom of bundle buffer by directly inspection of buffer.
> Previously, buffer was assumed to have a max capacity equal to the link MTU,
> but the addition of link MTU negotiation means that the link MTU can increase
> after the bundle buffer is allocated.
> 
> Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
> Signed-off-by: Per Liden <per.liden@ericsson.com>

Applied, thanks.

Re: [PATCH 2/3] [TIPC] Improve response to requests for node/link information

[David Miller]

From: Per Liden <per.liden@ericsson.com>
Date: Wed, 28 Jun 2006 14:07:51 +0200

> From: Allan Stephens <allan.stephens@windriver.com>
> 
> Now allocates reply space for "get links" request based on number of actual
> links, not number of potential links.  Also, limits reply to "get links" and
> "get nodes" requests to 32KB to match capabilities of tipc-config utility
> that issued request.
> 
> Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
> Signed-off-by: Per Liden <per.liden@ericsson.com>

Applied, thanks.

Re: [PATCH 3/3] [TIPC] Initial activation message now includes TIPC version number

[David Miller]

From: Per Liden <per.liden@ericsson.com>
Date: Wed, 28 Jun 2006 14:07:52 +0200

> From: Allan Stephens <allan.stephens@windriver.com>
> 
> Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
> Signed-off-by: Per Liden <per.liden@ericsson.com>

Also applied, thanks a lot.

Re: [PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[David Miller]

From: Per Liden <per.liden@ericsson.com>
Date: Thu, 29 Jun 2006 17:17:20 +0200 (CEST)

> A problem was found with this patch. The direct inspection of bundle 
> buffer tailroom did not account for the possiblity of unrequested tailroom 
> added by skb_alloc(), thereby allowing a bundle to be created that exceeds 
> the current link MTU.
> 
> I'll resend this patch set with this issue resolved.

I've applied the patch already, please send a relative fix.
Thanks.

Re: [PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[Per Liden]

On Thu, 29 Jun 2006, David Miller wrote:

> From: Per Liden <per.liden@ericsson.com>
> Date: Thu, 29 Jun 2006 17:17:20 +0200 (CEST)
> 
> > A problem was found with this patch. The direct inspection of bundle 
> > buffer tailroom did not account for the possiblity of unrequested tailroom 
> > added by skb_alloc(), thereby allowing a bundle to be created that exceeds 
> > the current link MTU.
> > 
> > I'll resend this patch set with this issue resolved.
> 
> I've applied the patch already, please send a relative fix.

Here's a relative fix.

/Per


[TIPC] Fixed sk_buff panic caused by tipc_link_bundle_buf (REVISED)

From: Allan Stephens <allan.stephens@windriver.com>

The recent change to direct inspection of bundle buffer tailroom did not
account for the possiblity of unrequested tailroom added by skb_alloc(),
thereby allowing a bundle to be created that exceeds the current link MTU.
An additional check now ensures that bundling works correctly no matter
if the bundle buffer is smaller, larger, or equal to the link MTU.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Per Liden <per.liden@ericsson.com>
---
 net/tipc/core.h |    5 ++++-
 net/tipc/link.c |    2 ++
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/net/tipc/core.h b/net/tipc/core.h
index 86f54f3..762aac2 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -297,7 +297,10 @@ static inline struct tipc_msg *buf_msg(s
  * buf_acquire - creates a TIPC message buffer
  * @size: message size (including TIPC header)
  *
- * Returns a new buffer.  Space is reserved for a data link header.
+ * Returns a new buffer with data pointers set to the specified size.
+ * 
+ * NOTE: Headroom is reserved to allow prepending of a data link header.
+ *       There may also be unrequested tailroom present at the buffer's end.
  */
 
 static inline struct sk_buff *buf_acquire(u32 size)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index c6831c7..c10e18a 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -998,6 +998,8 @@ static int link_bundle_buf(struct link *
 		return 0;
 	if (skb_tailroom(bundler) < (pad + size))
 		return 0;
+	if (link_max_pkt(l_ptr) < (to_pos + size))
+		return 0;
 
 	skb_put(bundler, pad + size);
 	memcpy(bundler->data + to_pos, buf->data, size);
-- 
1.4.0

Re: [PATCH 1/3] [TIPC] Fixed skb_under_panic caused by tipc_link_bundle_buf

[David Miller]

From: Per Liden <per.liden@ericsson.com>
Date: Fri, 30 Jun 2006 10:49:08 +0200 (CEST)

> [TIPC] Fixed sk_buff panic caused by tipc_link_bundle_buf (REVISED)
> 
> From: Allan Stephens <allan.stephens@windriver.com>
> 
> The recent change to direct inspection of bundle buffer tailroom did not
> account for the possiblity of unrequested tailroom added by skb_alloc(),
> thereby allowing a bundle to be created that exceeds the current link MTU.
> An additional check now ensures that bundling works correctly no matter
> if the bundle buffer is smaller, larger, or equal to the link MTU.
> 
> Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
> Signed-off-by: Per Liden <per.liden@ericsson.com>

Applied, thanks a lot Per.