Message ID | 1474797596-13320-3-git-send-email-zenczykowski@gmail.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
On Sun, Sep 25, 2016 at 6:59 PM, Maciej Żenczykowski
<zenczykowski@gmail.com> wrote:
> + ifp->idev->cnf.rtr_solicits != 0 &&
Given that some of this patch checks for == -1, and some of it checks
for != 0... is it possible that setting the value to something
unexpected like -3 will cause any issues to the stack? (Other than
just rendering IPv6 unusable on this interface, which seems like a
given.)
> Given that some of this patch checks for == -1, and some of it checks > for != 0... is it possible that setting the value to something > unexpected like -3 will cause any issues to the stack? (Other than > just rendering IPv6 unusable on this interface, which seems like a > given.) You shouldn't be able to set it to -3, that's what the extra1 is for...
On 27 September 2016 at 11:23, Maciej Żenczykowski <zenczykowski@gmail.com> wrote: >> Given that some of this patch checks for == -1, and some of it checks >> for != 0... is it possible that setting the value to something >> unexpected like -3 will cause any issues to the stack? (Other than >> just rendering IPv6 unusable on this interface, which seems like a >> given.) > > You shouldn't be able to set it to -3, that's what the extra1 is for... the proc_dointvec_minmax reference with &minus_one means you shouldn't be able to set it below -1.
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 3a835495fb53..6c63bf06fbcf 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3687,7 +3687,7 @@ static void addrconf_rs_timer(unsigned long data) if (idev->if_flags & IF_RA_RCVD) goto out; - if (idev->rs_probes++ < idev->cnf.rtr_solicits) { + if (idev->rs_probes++ < idev->cnf.rtr_solicits || idev->cnf.rtr_solicits == -1) { write_unlock(&idev->lock); if (!ipv6_get_lladdr(dev, &lladdr, IFA_F_TENTATIVE)) ndisc_send_rs(dev, &lladdr, @@ -3949,7 +3949,7 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp) send_mld = ifp->scope == IFA_LINK && ipv6_lonely_lladdr(ifp); send_rs = send_mld && ipv6_accept_ra(ifp->idev) && - ifp->idev->cnf.rtr_solicits > 0 && + ifp->idev->cnf.rtr_solicits != 0 && (dev->flags&IFF_LOOPBACK) == 0; read_unlock_bh(&ifp->idev->lock); @@ -5099,7 +5099,7 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token) return -EINVAL; if (!ipv6_accept_ra(idev)) return -EINVAL; - if (idev->cnf.rtr_solicits <= 0) + if (idev->cnf.rtr_solicits == 0) return -EINVAL; write_lock_bh(&idev->lock); @@ -5699,6 +5699,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, return ret; } +static int minus_one = -1; static int one = 1; static int two_five_five = 255; @@ -5759,7 +5760,8 @@ static const struct ctl_table addrconf_sysctl[] = { .data = &ipv6_devconf.rtr_solicits, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_dointvec_minmax, + .extra1 = &minus_one, }, { .procname = "router_solicitation_interval",