[PATCH 0/5 net-next-2.6] [TIPC]: Fixes to several obscure problems

[PATCH 0/5 net-next-2.6] [TIPC]: Fixes to several obscure problems

[Allan Stephens]

This patch set is a collection of small changes that fix issues in TIPC that do
not impact typical users.  Please see each individual patch for a further
description of each item.

Summary:

 include/linux/tipc_config.h |   10 +++++++++-
 net/tipc/config.c           |    9 ++++++---
 net/tipc/core.c             |    4 ++--
 net/tipc/core.h             |    2 +-
 net/tipc/discover.c         |    5 ++---
 net/tipc/net.c              |   10 +++++++---
 net/tipc/net.h              |    2 +-
 net/tipc/netlink.c          |   16 +++++++++-------
 net/tipc/node.c             |   26 ++++++++++++++++++++++++++
 net/tipc/port.c             |    1 +
 10 files changed, 64 insertions(+), 21 deletions(-)

Allan Stephens (5):
      [TIPC]: Fix skb_under_panic when configuring TIPC without privileges
      [TIPC]: Prevent node object duplication due to simultaneous discovery
      [TIPC]: Optimize null pointer check during neighbor discovery
      [TIPC]: Update "previous node" indicators when node address changes
      [TIPC]: Fix initialization sequence problems when entering network mode

Thanks,
Al

[PATCH 1/5 net-next-2.6] [TIPC]: Fix skb_under_panic when configuring TIPC without privileges

[Allan Stephens]

This patch prevents a TIPC configuration command requiring network
administrator privileges from triggering an skbuff underrun if it
is issued by a process lacking those privileges.  The revised error
handling code avoids the use of a potentially uninitialized global
variable by transforming the unauthorized command into a new command,
then following the standard command processing path to generate the
required error message.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
---
 include/linux/tipc_config.h |   10 +++++++++-
 net/tipc/config.c           |    6 +++++-
 net/tipc/netlink.c          |   16 +++++++++-------
 3 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/include/linux/tipc_config.h b/include/linux/tipc_config.h
index b0c916d..2bc6fa4 100644
--- a/include/linux/tipc_config.h
+++ b/include/linux/tipc_config.h
@@ -2,7 +2,7 @@
  * include/linux/tipc_config.h: Include file for TIPC configuration interface
  * 
  * Copyright (c) 2003-2006, Ericsson AB
- * Copyright (c) 2005, Wind River Systems
+ * Copyright (c) 2005-2007, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -136,6 +136,14 @@
 #define  TIPC_CMD_SET_NETID         0x800B    /* tx unsigned, rx none */
 
 /*
+ * Reserved commands:
+ * May not be issued by any process.
+ * Used internally by TIPC.
+ */
+
+#define  TIPC_CMD_NOT_NET_ADMIN     0xC001    /* tx none, rx none */
+
+/*
  * TLV types defined for TIPC
  */
 
diff --git a/net/tipc/config.c b/net/tipc/config.c
index 91d56f8..16e7cb7 100644
--- a/net/tipc/config.c
+++ b/net/tipc/config.c
@@ -2,7 +2,7 @@
  * net/tipc/config.c: TIPC configuration management code
  *
  * Copyright (c) 2002-2006, Ericsson AB
- * Copyright (c) 2004-2006, Wind River Systems
+ * Copyright (c) 2004-2007, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -602,6 +602,10 @@ struct sk_buff *tipc_cfg_do_cmd(u32 orig_node, u16 cmd, const void *request_area
 	case TIPC_CMD_GET_NETID:
 		rep_tlv_buf = tipc_cfg_reply_unsigned(tipc_net_id);
 		break;
+	case TIPC_CMD_NOT_NET_ADMIN:
+		rep_tlv_buf =
+			tipc_cfg_reply_error_string(TIPC_CFG_NOT_NET_ADMIN);
+		break;
 	default:
 		rep_tlv_buf = tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
 							  " (unknown command)");
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 6a7f7b4..c387217 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -2,7 +2,7 @@
  * net/tipc/netlink.c: TIPC configuration handling
  *
  * Copyright (c) 2005-2006, Ericsson AB
- * Copyright (c) 2005, Wind River Systems
+ * Copyright (c) 2005-2007, Wind River Systems
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45,15 +45,17 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
 	struct nlmsghdr *req_nlh = info->nlhdr;
 	struct tipc_genlmsghdr *req_userhdr = info->userhdr;
 	int hdr_space = NLMSG_SPACE(GENL_HDRLEN + TIPC_GENL_HDRLEN);
+	u16 cmd;
 
 	if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN)))
-		rep_buf = tipc_cfg_reply_error_string(TIPC_CFG_NOT_NET_ADMIN);
+		cmd = TIPC_CMD_NOT_NET_ADMIN;
 	else
-		rep_buf = tipc_cfg_do_cmd(req_userhdr->dest,
-					  req_userhdr->cmd,
-					  NLMSG_DATA(req_nlh) + GENL_HDRLEN + TIPC_GENL_HDRLEN,
-					  NLMSG_PAYLOAD(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN),
-					  hdr_space);
+		cmd = req_userhdr->cmd;
+
+	rep_buf = tipc_cfg_do_cmd(req_userhdr->dest, cmd,
+			NLMSG_DATA(req_nlh) + GENL_HDRLEN + TIPC_GENL_HDRLEN,
+			NLMSG_PAYLOAD(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN),
+			hdr_space);
 
 	if (rep_buf) {
 		skb_push(rep_buf, hdr_space);
-- 
1.5.3.2

[PATCH 2/5 net-next-2.6] [TIPC]: Prevent node object duplication due to simultaneous discovery

[Allan Stephens]

This patch ensures that the simultaneous discovery of the same
neighboring node by multiple interfaces does not cause TIPC to add
the node into its internal data structures more than once.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
---
 net/tipc/node.c |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/net/tipc/node.c b/net/tipc/node.c
index 598f4d3..34e9a2b 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -52,16 +52,40 @@ static void node_established_contact(struct node *n_ptr);
 
 struct node *tipc_nodes = NULL;	/* sorted list of nodes within cluster */
 
+static DEFINE_SPINLOCK(node_create_lock);
+
 u32 tipc_own_tag = 0;
 
+/**
+ * tipc_node_create - create neighboring node
+ *
+ * Currently, this routine is called by neighbor discovery code, which holds
+ * net_lock for reading only.  We must take node_create_lock to ensure a node
+ * isn't created twice if two different bearers discover the node at the same
+ * time.  (It would be preferable to switch to holding net_lock in write mode,
+ * but this is a non-trivial change.)
+ */
+
 struct node *tipc_node_create(u32 addr)
 {
 	struct cluster *c_ptr;
 	struct node *n_ptr;
 	struct node **curr_node;
 
+	spin_lock_bh(&node_create_lock);
+
+	for (n_ptr = tipc_nodes; n_ptr; n_ptr = n_ptr->next) {
+		if (addr < n_ptr->addr)
+			break;
+		if (addr == n_ptr->addr) {
+			spin_unlock_bh(&node_create_lock);
+			return n_ptr;
+		}
+	}
+
 	n_ptr = kzalloc(sizeof(*n_ptr),GFP_ATOMIC);
 	if (!n_ptr) {
+		spin_unlock_bh(&node_create_lock);
 		warn("Node creation failed, no memory\n");
 		return NULL;
 	}
@@ -71,6 +95,7 @@ struct node *tipc_node_create(u32 addr)
 		c_ptr = tipc_cltr_create(addr);
 	}
 	if (!c_ptr) {
+		spin_unlock_bh(&node_create_lock);
 		kfree(n_ptr);
 		return NULL;
 	}
@@ -91,6 +116,7 @@ struct node *tipc_node_create(u32 addr)
 		}
 	}
 	(*curr_node) = n_ptr;
+	spin_unlock_bh(&node_create_lock);
 	return n_ptr;
 }
 
-- 
1.5.3.2

[PATCH 3/5 net-next-2.6] [TIPC]: Optimize null pointer check during neighbor discovery

[Allan Stephens]

This patch optimizes TIPC neighbor discovery code to avoid testing for
a null node pointer when the pointer is already known to be non-null.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
---
 net/tipc/discover.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index 5d643e5..faeaf06 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -200,9 +200,8 @@ void tipc_disc_recv_msg(struct sk_buff *buf)
 		dbg(" in own cluster\n");
 		if (n_ptr == NULL) {
 			n_ptr = tipc_node_create(orig);
-		}
-		if (n_ptr == NULL) {
-			return;
+			if (!n_ptr)
+				return;
 		}
 		spin_lock_bh(&n_ptr->lock);
 		link = n_ptr->links[b_ptr->identity];
-- 
1.5.3.2

[PATCH 4/5 net-next-2.6] [TIPC]: Update "previous node" indicators when node address changes

[Allan Stephens]

This patch ensures that the "previous node" field in any existing
TIPC port message header templates is updated properly when a TIPC
network address is assigned to the node.  (Previously, only the
"originating node" field was updated.)

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
---
 net/tipc/port.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/tipc/port.c b/net/tipc/port.c
index 757de38..2c64ad8 100644
--- a/net/tipc/port.c
+++ b/net/tipc/port.c
@@ -780,6 +780,7 @@ void tipc_port_reinit(void)
 		msg = &p_ptr->publ.phdr;
 		if (msg_orignode(msg) == tipc_own_addr)
 			break;
+		msg_set_prevnode(msg, tipc_own_addr);
 		msg_set_orignode(msg, tipc_own_addr);
 	}
 	spin_unlock_bh(&tipc_port_list_lock);
-- 
1.5.3.2

[PATCH 5/5 net-next-2.6] [TIPC]: Fix initialization sequence problems when entering network mode

[Allan Stephens]

This patch ensures that TIPC's topology service and configuration
service are shut down before switching into "network mode".  This
ensures that TIPC does not mistakenly try to send unnecessary
"publication withdraw" messages to other nodes before it is fully
initialized for sending off-node messages.  Note that the node's
current network address is now updated only after the two services
are shut down; this ensures that any existing connections to the
topology server are terminated correctly using the old address.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
---
 net/tipc/config.c |    3 +--
 net/tipc/core.c   |    4 ++--
 net/tipc/core.h   |    2 +-
 net/tipc/net.c    |   10 +++++++---
 net/tipc/net.h    |    2 +-
 5 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/net/tipc/config.c b/net/tipc/config.c
index 16e7cb7..ca3544d 100644
--- a/net/tipc/config.c
+++ b/net/tipc/config.c
@@ -293,7 +293,6 @@ static struct sk_buff *cfg_set_own_addr(void)
 	if (tipc_mode == TIPC_NET_MODE)
 		return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
 						   " (cannot change node address once assigned)");
-	tipc_own_addr = addr;
 
 	/*
 	 * Must release all spinlocks before calling start_net() because
@@ -306,7 +305,7 @@ static struct sk_buff *cfg_set_own_addr(void)
 	 */
 
 	spin_unlock_bh(&config_lock);
-	tipc_core_start_net();
+	tipc_core_start_net(addr);
 	spin_lock_bh(&config_lock);
 	return tipc_cfg_reply_none();
 }
diff --git a/net/tipc/core.c b/net/tipc/core.c
index 3d97386..3256bd7 100644
--- a/net/tipc/core.c
+++ b/net/tipc/core.c
@@ -117,11 +117,11 @@ void tipc_core_stop_net(void)
  * start_net - start TIPC networking sub-systems
  */
 
-int tipc_core_start_net(void)
+int tipc_core_start_net(unsigned long addr)
 {
 	int res;
 
-	if ((res = tipc_net_start()) ||
+	if ((res = tipc_net_start(addr)) ||
 	    (res = tipc_eth_media_start())) {
 		tipc_core_stop_net();
 	}
diff --git a/net/tipc/core.h b/net/tipc/core.h
index bd78d17..a881f92 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -202,7 +202,7 @@ extern atomic_t tipc_user_count;
 
 extern int  tipc_core_start(void);
 extern void tipc_core_stop(void);
-extern int  tipc_core_start_net(void);
+extern int  tipc_core_start_net(unsigned long addr);
 extern void tipc_core_stop_net(void);
 extern int  tipc_handler_start(void);
 extern void tipc_handler_stop(void);
diff --git a/net/tipc/net.c b/net/tipc/net.c
index c39c762..cc51fa4 100644
--- a/net/tipc/net.c
+++ b/net/tipc/net.c
@@ -266,7 +266,7 @@ void tipc_net_route_msg(struct sk_buff *buf)
 	tipc_link_send(buf, dnode, msg_link_selector(msg));
 }
 
-int tipc_net_start(void)
+int tipc_net_start(u32 addr)
 {
 	char addr_string[16];
 	int res;
@@ -274,6 +274,10 @@ int tipc_net_start(void)
 	if (tipc_mode != TIPC_NODE_MODE)
 		return -ENOPROTOOPT;
 
+	tipc_subscr_stop();
+	tipc_cfg_stop();
+
+	tipc_own_addr = addr;
 	tipc_mode = TIPC_NET_MODE;
 	tipc_named_reinit();
 	tipc_port_reinit();
@@ -284,10 +288,10 @@ int tipc_net_start(void)
 	    (res = tipc_bclink_init())) {
 		return res;
 	}
-	tipc_subscr_stop();
-	tipc_cfg_stop();
+
 	tipc_k_signal((Handler)tipc_subscr_start, 0);
 	tipc_k_signal((Handler)tipc_cfg_init, 0);
+
 	info("Started in network mode\n");
 	info("Own node address %s, network identity %u\n",
 	     addr_string_fill(addr_string, tipc_own_addr), tipc_net_id);
diff --git a/net/tipc/net.h b/net/tipc/net.h
index a6a0e99..d154ac2 100644
--- a/net/tipc/net.h
+++ b/net/tipc/net.h
@@ -58,7 +58,7 @@ void tipc_net_route_msg(struct sk_buff *buf);
 struct node *tipc_net_select_remote_node(u32 addr, u32 ref);
 u32 tipc_net_select_router(u32 addr, u32 ref);
 
-int tipc_net_start(void);
+int tipc_net_start(u32 addr);
 void tipc_net_stop(void);
 
 #endif
-- 
1.5.3.2

Re: [PATCH 0/5 net-next-2.6] [TIPC]: Fixes to several obscure problems

[David Miller]

From: Allan Stephens <allan.stephens@windriver.com>
Date: Tue, 20 May 2008 17:08:27 -0400

> This patch set is a collection of small changes that fix issues in
> TIPC that do not impact typical users.  Please see each individual
> patch for a further description of each item.

All 5 patches applied, thanks Allan.