subject:"\+ xfrm_policy\-warning\-fix.patch added to \-mm tree"

Re: + xfrm_policy-warning-fix.patch added to -mm tree

2007-11-29 Thread Herbert Xu

On Thu, Nov 29, 2007 at 09:32:02AM -0800, Andrew Morton wrote:
>
> > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> > index b702bd8..9a4cf2e 100644
> > --- a/net/xfrm/xfrm_policy.c
> > +++ b/net/xfrm/xfrm_policy.c
> > @@ -1344,6 +1344,7 @@ restart:
> > xfrm_nr += pols[0]->xfrm_nr;
> >  
> > switch (policy->action) {
> > +   default:
> > case XFRM_POLICY_BLOCK:
> > /* Prohibit the flow */
> > err = -EPERM;
> 
> hm.  If someone feeds a bad value into here we want to know about it rather
> than silently fixing it up, don't we?

As I said, we already check all policy actions when they enter the kernel
from user-space.  For example, in xfrm_user we make sure that action is
one of these values.  So this is mainly to shut gcc up.

Even if we did somehow get an illegal value through, dropping the packet
sounds like a sane action to follow and I'm sure people will notice pretty
quickly when packets don't flow anymore :)

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: + xfrm_policy-warning-fix.patch added to -mm tree

2007-11-29 Thread Andrew Morton

On Fri, 30 Nov 2007 00:51:33 +1100 Herbert Xu <[EMAIL PROTECTED]> wrote:

> On Wed, Nov 28, 2007 at 02:56:51AM -0800, [EMAIL PROTECTED] wrote:
> > 
> > The patch titled
> >  xfrm_policy warning fix
> > has been added to the -mm tree.  Its filename is
> >  xfrm_policy-warning-fix.patch
> > 
> > *** Remember to use Documentation/SubmitChecklist when testing your code ***
> > 
> > See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
> > out what to do about this
> > 
> > --
> > Subject: xfrm_policy warning fix
> > From: Andrew Morton <[EMAIL PROTECTED]>
> > 
> > Fix this:
> > 
> > net/xfrm/xfrm_policy.c: In function '__xfrm_lookup':
> > net/xfrm/xfrm_policy.c:1449: warning: 'dst' may be used uninitialized in 
> > this function
> > 
> > by checking for impossible values in the switch().
> 
> Thanks Andrew.  I've added the following patch to net-2.6.
> -- 
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> --
> commit 5e5234ff17ef98932688116025b30958bd28a940
> Author: Herbert Xu <[EMAIL PROTECTED]>
> Date:   Fri Nov 30 00:50:31 2007 +1100
> 
> [IPSEC]: Fix uninitialised dst warning in __xfrm_lookup
> 
> Andrew Morton reported that __xfrm_lookup generates this warning:
> 
> net/xfrm/xfrm_policy.c: In function '__xfrm_lookup':
> net/xfrm/xfrm_policy.c:1449: warning: 'dst' may be used uninitialized in 
> this function
> 
> This is because if policy->action is of an unexpected value then dst will
> not be initialised.  Of course, in practice this should never happen since
> the input layer xfrm_user/af_key will filter out all illegal values.  But
> the compiler doesn't know that of course.
> 
> So this patch fixes this by taking the conservative approach and treat all
> unknown actions the same as a blocking action.
> 
> Thanks to Andrew for finding this and providing an initial fix.
> 
> Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
> 
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index b702bd8..9a4cf2e 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -1344,6 +1344,7 @@ restart:
>   xfrm_nr += pols[0]->xfrm_nr;
>  
>   switch (policy->action) {
> + default:
>   case XFRM_POLICY_BLOCK:
>   /* Prohibit the flow */
>   err = -EPERM;

hm.  If someone feeds a bad value into here we want to know about it rather
than silently fixing it up, don't we?

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: + xfrm_policy-warning-fix.patch added to -mm tree

2007-11-29 Thread Herbert Xu

On Wed, Nov 28, 2007 at 02:56:51AM -0800, [EMAIL PROTECTED] wrote:
> 
> The patch titled
>  xfrm_policy warning fix
> has been added to the -mm tree.  Its filename is
>  xfrm_policy-warning-fix.patch
> 
> *** Remember to use Documentation/SubmitChecklist when testing your code ***
> 
> See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
> out what to do about this
> 
> --
> Subject: xfrm_policy warning fix
> From: Andrew Morton <[EMAIL PROTECTED]>
> 
> Fix this:
> 
> net/xfrm/xfrm_policy.c: In function '__xfrm_lookup':
> net/xfrm/xfrm_policy.c:1449: warning: 'dst' may be used uninitialized in this 
> function
> 
> by checking for impossible values in the switch().

Thanks Andrew.  I've added the following patch to net-2.6.
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
commit 5e5234ff17ef98932688116025b30958bd28a940
Author: Herbert Xu <[EMAIL PROTECTED]>
Date:   Fri Nov 30 00:50:31 2007 +1100

[IPSEC]: Fix uninitialised dst warning in __xfrm_lookup

Andrew Morton reported that __xfrm_lookup generates this warning:

net/xfrm/xfrm_policy.c: In function '__xfrm_lookup':
net/xfrm/xfrm_policy.c:1449: warning: 'dst' may be used uninitialized in 
this function

This is because if policy->action is of an unexpected value then dst will
not be initialised.  Of course, in practice this should never happen since
the input layer xfrm_user/af_key will filter out all illegal values.  But
the compiler doesn't know that of course.

So this patch fixes this by taking the conservative approach and treat all
unknown actions the same as a blocking action.

Thanks to Andrew for finding this and providing an initial fix.

Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index b702bd8..9a4cf2e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1344,6 +1344,7 @@ restart:
xfrm_nr += pols[0]->xfrm_nr;
 
switch (policy->action) {
+   default:
case XFRM_POLICY_BLOCK:
/* Prohibit the flow */
err = -EPERM;
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: + xfrm_policy-warning-fix.patch added to -mm tree

Re: + xfrm_policy-warning-fix.patch added to -mm tree

Re: + xfrm_policy-warning-fix.patch added to -mm tree

3 matches

Site Navigation

Mail list logo

Footer information