From 026e43def736923fedb9919a0bd22fff7ba03e8b Mon Sep 17 00:00:00 2001 From: Dave Jones Date: Wed, 12 Dec 2012 18:11:34 +0000 Subject: nfc: remove noisy message from llcp_sock_sendmsg This is easily triggerable when fuzz-testing as an unprivileged user. We could rate-limit it, but given we don't print similar messages for other protocols, I just removed it. Signed-off-by: Dave Jones Signed-off-by: David S. Miller --- net/nfc/llcp/sock.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'net') diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 0fa1e92ceac8..fea22eb41b82 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c @@ -614,10 +614,6 @@ static int llcp_sock_sendmsg(struct kiocb *iocb, struct socket *sock, if (msg->msg_namelen < sizeof(*addr)) { release_sock(sk); - - pr_err("Invalid socket address length %d\n", - msg->msg_namelen); - return -EINVAL; } -- cgit v1.2.1 From 7bdc1b4abab3af0a803300f706c9814ef4e20a3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?YOSHIFUJI=20Hideaki=20/=20=E5=90=89=E8=97=A4=E8=8B=B1?= =?UTF-8?q?=E6=98=8E?= Date: Thu, 13 Dec 2012 04:29:36 +0000 Subject: ndisc: Fix padding error in link-layer address option. If a natural number n exists where 2 + data_len <= 8n < 2 + data_len + pad, post padding is not initialized correctly. (Un)fortunately, the only type that requires pad is Infiniband, whose pad is 2 and data_len is 20, and this logical error has not become obvious, but it is better to fix. Note that ndisc_opt_addr_space() handles the situation described above correctly. Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- net/ipv6/ndisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 4c02e6ab96e7..f2a007b7bde3 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -151,8 +151,8 @@ static inline int ndisc_opt_addr_space(struct net_device *dev) static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, unsigned short addr_type) { - int space = NDISC_OPT_SPACE(data_len); int pad = ndisc_addr_option_pad(addr_type); + int space = NDISC_OPT_SPACE(data_len + pad); opt[0] = type; opt[1] = space>>3; -- cgit v1.2.1 From eca2a43bb0d2c6ebd528be6acb30a88435abe307 Mon Sep 17 00:00:00 2001 From: stephen hemminger Date: Thu, 13 Dec 2012 06:51:28 +0000 Subject: bridge: fix icmpv6 endian bug and other sparse warnings Fix the warnings reported by sparse on recent bridge multicast changes. Mostly just rcu annotation issues but in this case sparse found a real bug! The ICMPv6 mld2 query mrc values is in network byte order. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller --- net/bridge/br_multicast.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 977c3ee02e65..1093c89095d8 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -622,7 +622,7 @@ out: struct net_bridge_port_group *br_multicast_new_port_group( struct net_bridge_port *port, struct br_ip *group, - struct net_bridge_port_group *next) + struct net_bridge_port_group __rcu *next) { struct net_bridge_port_group *p; @@ -632,7 +632,7 @@ struct net_bridge_port_group *br_multicast_new_port_group( p->addr = *group; p->port = port; - p->next = next; + rcu_assign_pointer(p->next, next); hlist_add_head(&p->mglist, &port->mglist); setup_timer(&p->timer, br_multicast_port_group_expired, (unsigned long)p); @@ -1138,7 +1138,7 @@ static int br_ip6_multicast_query(struct net_bridge *br, struct sk_buff *skb) { const struct ipv6hdr *ip6h = ipv6_hdr(skb); - struct mld_msg *mld = (struct mld_msg *) icmp6_hdr(skb); + struct mld_msg *mld; struct net_bridge_mdb_entry *mp; struct mld2_query *mld2q; struct net_bridge_port_group *p; @@ -1165,6 +1165,7 @@ static int br_ip6_multicast_query(struct net_bridge *br, if (max_delay) group = &mld->mld_mca; } else if (skb->len >= sizeof(*mld2q)) { + u16 mrc; if (!pskb_may_pull(skb, sizeof(*mld2q))) { err = -EINVAL; goto out; @@ -1172,7 +1173,8 @@ static int br_ip6_multicast_query(struct net_bridge *br, mld2q = (struct mld2_query *)icmp6_hdr(skb); if (!mld2q->mld2q_nsrcs) group = &mld2q->mld2q_mca; - max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(mld2q->mld2q_mrc) : 1; + mrc = ntohs(mld2q->mld2q_mrc); + max_delay = mrc ? MLDV2_MRC(mrc) : 1; } if (!group) -- cgit v1.2.1