* [patch 2/2] tun: impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI
@ 2008-02-05 7:45 akpm
2008-02-05 11:05 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: akpm @ 2008-02-05 7:45 UTC (permalink / raw)
To: davem; +Cc: netdev, akpm, nwfilardo, jeff, maxk
From: "Nathaniel Filardo" <nwfilardo@gmail.com>
Taken from http://bugzilla.kernel.org/show_bug.cgi?id=9806
The TUN/TAP driver only permits one-way transitions of IFF_NO_PI or
IFF_ONE_QUEUE during the lifetime of a tap/tun interface. Note that
tun_set_iff contains
541 if (ifr->ifr_flags & IFF_NO_PI)
542 tun->flags |= TUN_NO_PI;
543
544 if (ifr->ifr_flags & IFF_ONE_QUEUE)
545 tun->flags |= TUN_ONE_QUEUE;
This is easily fixed by adding else branches which clear these bits.
Steps to reproduce:
This is easily reproduced by setting an interface persistant using tunctl then
attempting to open it as IFF_TAP or IFF_TUN, without asserting the IFF_NO_PI
flag. The ioctl() will succeed and the ifr.flags word is not modified, but the
interface remains in IFF_NO_PI mode (as it was set by tunctl).
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jeff Garzik <jeff@garzik.org>
Acked-by: Maxim Krasnyansky <maxk@qualcomm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
drivers/net/tun.c | 4 ++++
1 file changed, 4 insertions(+)
diff -puN drivers/net/tun.c~tun-dev-impossible-to-deassert-iff_one_queue-or-iff_no_pi drivers/net/tun.c
--- a/drivers/net/tun.c~tun-dev-impossible-to-deassert-iff_one_queue-or-iff_no_pi
+++ a/drivers/net/tun.c
@@ -529,9 +529,13 @@ static int tun_set_iff(struct file *file
if (ifr->ifr_flags & IFF_NO_PI)
tun->flags |= TUN_NO_PI;
+ else
+ tun->flags &= ~TUN_NO_PI;
if (ifr->ifr_flags & IFF_ONE_QUEUE)
tun->flags |= TUN_ONE_QUEUE;
+ else
+ tun->flags &= ~TUN_ONE_QUEUE;
file->private_data = tun;
tun->attached = 1;
_
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [patch 2/2] tun: impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI
2008-02-05 7:45 [patch 2/2] tun: impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI akpm
@ 2008-02-05 11:05 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2008-02-05 11:05 UTC (permalink / raw)
To: akpm; +Cc: netdev, nwfilardo, jeff, maxk
From: akpm@linux-foundation.org
Date: Mon, 04 Feb 2008 23:45:21 -0800
> From: "Nathaniel Filardo" <nwfilardo@gmail.com>
>
> Taken from http://bugzilla.kernel.org/show_bug.cgi?id=9806
>
> The TUN/TAP driver only permits one-way transitions of IFF_NO_PI or
> IFF_ONE_QUEUE during the lifetime of a tap/tun interface. Note that
> tun_set_iff contains
>
> 541 if (ifr->ifr_flags & IFF_NO_PI)
> 542 tun->flags |= TUN_NO_PI;
> 543
> 544 if (ifr->ifr_flags & IFF_ONE_QUEUE)
> 545 tun->flags |= TUN_ONE_QUEUE;
>
> This is easily fixed by adding else branches which clear these bits.
>
> Steps to reproduce:
>
> This is easily reproduced by setting an interface persistant using tunctl then
> attempting to open it as IFF_TAP or IFF_TUN, without asserting the IFF_NO_PI
> flag. The ioctl() will succeed and the ifr.flags word is not modified, but the
> interface remains in IFF_NO_PI mode (as it was set by tunctl).
>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Jeff Garzik <jeff@garzik.org>
> Acked-by: Maxim Krasnyansky <maxk@qualcomm.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Applied.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-02-05 11:05 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-05 7:45 [patch 2/2] tun: impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI akpm
2008-02-05 11:05 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox