Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758703AbZJMBkP (ORCPT ); Mon, 12 Oct 2009 21:40:15 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753441AbZJMBkO (ORCPT ); Mon, 12 Oct 2009 21:40:14 -0400 Received: from blv-smtpout-01.boeing.com ([130.76.32.69]:54425 "EHLO blv-smtpout-01.boeing.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754490AbZJMBkN convert rfc822-to-8bit (ORCPT ); Mon, 12 Oct 2009 21:40:13 -0400 X-Greylist: delayed 6166 seconds by postgrey-1.27 at vger.kernel.org; Mon, 12 Oct 2009 21:40:13 EDT From: "Templin, Fred L" To: Greg KH , David Miller CC: "contact@saschahlusiak.de" , "yoshfuji@linux-ipv6.org" , "gregkh@suse.de" , "linux-kernel@vger.kernel.org" , "stable@kernel.org" , "akpm@linux-foundation.org" , "torvalds@linux-foundation.org" , "stable-review@kernel.org" , "alan@lxorguk.ukuu.org.uk" Date: Mon, 12 Oct 2009 16:29:53 -0700 Subject: RE: [stable] [patch 37/37] sit: fix off-by-one inipip6_tunnel_get_prl Thread-Topic: [stable] [patch 37/37] sit: fix off-by-one inipip6_tunnel_get_prl Thread-Index: AcpLiGSwcQHkG4D1Rmy/d1MvadA+AgABrJRg Message-ID: <12F4112206976147A34FEC0277597CCF27A4164C1A@XCH-NW-15V.nw.nos.boeing.com> References: <20091009233411.852013234@mini.kroah.org><20091009233440.7866800 01@mini.kroah.org><12F4112206976147A34FEC0277597CCF27A416492F@XCH-NW-15V.nw .nos.boeing.com><20091009.204231.204042155.davem@davemloft.net> <20091012220445.GB31010@kroah.com> In-Reply-To: <20091012220445.GB31010@kroah.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US x-tm-as-product-ver: SMEX-8.0.0.1181-5.600.1016-16942.004 x-tm-as-result: No--69.265000-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2078 Lines: 56 Greg, > -----Original Message----- > From: Greg KH [mailto:greg@kroah.com] > Sent: Monday, October 12, 2009 3:05 PM > To: David Miller > Cc: Templin, Fred L; contact@saschahlusiak.de; yoshfuji@linux-ipv6.org; gregkh@suse.de; linux- > kernel@vger.kernel.org; stable@kernel.org; akpm@linux-foundation.org; torvalds@linux-foundation.org; > stable-review@kernel.org; alan@lxorguk.ukuu.org.uk > Subject: Re: [stable] [patch 37/37] sit: fix off-by-one inipip6_tunnel_get_prl > > On Fri, Oct 09, 2009 at 08:42:31PM -0700, David Miller wrote: > > From: "Templin, Fred L" > > Date: Fri, 9 Oct 2009 17:34:49 -0700 > > > > > Wait a moment - I remember now that this code came > > > from Yoshifuji, and I believe there was a reason for > > > the cmax+1. The application is expected to know this > > > and to post a large enough buffer. > > > > > > Can we put this on hold until I have had a chance to > > > check my e-mail archives and my local iproute changes > > > (will respond on monday)? > > > > Sure, we can keep it out of -stable for now. > > > > But it is in Linus's tree so if you find we shouldn't do this > > you'll need to send me a revert for net-2.6 > > > > Otherwise if it's good, you'll have to remind me to resubmit > > it to -stable. > > Ah crap, I just commited it. > > Is it really broken? If so, I'll go revert it and cut a new release. > > Sorry about this. As I just mentioned to David, I tested and the patch is good. To test, I allocated a buffer in the application that was too small to hold the entire PRL. Without the patch, the system crashes. With the patch, the kernel returns the maximum number of PRL entries without crashing and without overrunning the application's buffer. Please apply the patch if you have not already done so. Fred fred.l.templin@boeing.com > greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/