From 03b92017933bd22a3dca6830048877dd3162f872 Mon Sep 17 00:00:00 2001 From: Jon Paul Maloy Date: Thu, 13 Feb 2014 17:29:05 -0500 Subject: [PATCH] tipc: stricter behavior of message reassembly function The function tipc_link_recv_fragment(struct sk_buff **buf) currently leaves the value of the input buffer pointer undefined when it returns, except when the return code indicates that the reassembly is complete. This despite the fact that it always consumes the input buffer. Here, we enforce a stricter behavior by this function, ensuring that the returned buffer pointer is non-NULL if and only if the reassembly is complete. This makes it possible to test for the buffer pointer as criteria for successful reassembly. We also rename the function to tipc_link_frag_rcv(), which is both shorter and more in line with common naming practice in the network subsystem. Apart from the new name, these changes have no impact on current users of the function, but makes it more practical for use in some planned future commits. Signed-off-by: Jon Maloy Reviewed-by: Ying Xue Signed-off-by: David S. Miller --- net/tipc/bcast.c | 6 +++--- net/tipc/link.c | 16 +++++++++------- net/tipc/link.h | 6 +++--- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index bf860d9e75af..af35f76c6b29 100644 --- a/net/tipc/bcast.c +++ b/net/tipc/bcast.c @@ -481,9 +481,9 @@ receive: tipc_link_recv_bundle(buf); } else if (msg_user(msg) == MSG_FRAGMENTER) { int ret; - ret = tipc_link_recv_fragment(&node->bclink.reasm_head, - &node->bclink.reasm_tail, - &buf); + ret = tipc_link_frag_rcv(&node->bclink.reasm_head, + &node->bclink.reasm_tail, + &buf); if (ret == LINK_REASM_ERROR) goto unlock; spin_lock_bh(&bc_lock); diff --git a/net/tipc/link.c b/net/tipc/link.c index d4b5de41b682..17fbd15fcad8 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1584,9 +1584,9 @@ deliver: continue; case MSG_FRAGMENTER: l_ptr->stats.recv_fragments++; - ret = tipc_link_recv_fragment(&l_ptr->reasm_head, - &l_ptr->reasm_tail, - &buf); + ret = tipc_link_frag_rcv(&l_ptr->reasm_head, + &l_ptr->reasm_tail, + &buf); if (ret == LINK_REASM_COMPLETE) { l_ptr->stats.recv_fragmented++; msg = buf_msg(buf); @@ -2277,12 +2277,11 @@ static int link_send_long_buf(struct tipc_link *l_ptr, struct sk_buff *buf) return dsz; } -/* - * tipc_link_recv_fragment(): Called with node lock on. Returns +/* tipc_link_frag_rcv(): Called with node lock on. Returns * the reassembled buffer if message is complete. */ -int tipc_link_recv_fragment(struct sk_buff **head, struct sk_buff **tail, - struct sk_buff **fbuf) +int tipc_link_frag_rcv(struct sk_buff **head, struct sk_buff **tail, + struct sk_buff **fbuf) { struct sk_buff *frag = *fbuf; struct tipc_msg *msg = buf_msg(frag); @@ -2296,6 +2295,7 @@ int tipc_link_recv_fragment(struct sk_buff **head, struct sk_buff **tail, goto out_free; *head = frag; skb_frag_list_init(*head); + *fbuf = NULL; return 0; } else if (*head && skb_try_coalesce(*head, frag, &headstolen, &delta)) { @@ -2315,10 +2315,12 @@ int tipc_link_recv_fragment(struct sk_buff **head, struct sk_buff **tail, *tail = *head = NULL; return LINK_REASM_COMPLETE; } + *fbuf = NULL; return 0; out_free: pr_warn_ratelimited("Link unable to reassemble fragmented message\n"); kfree_skb(*fbuf); + *fbuf = NULL; return LINK_REASM_ERROR; } diff --git a/net/tipc/link.h b/net/tipc/link.h index 3b6aa65b608c..8addc5ec5fc6 100644 --- a/net/tipc/link.h +++ b/net/tipc/link.h @@ -239,9 +239,9 @@ int tipc_link_send_sections_fast(struct tipc_port *sender, struct iovec const *msg_sect, unsigned int len, u32 destnode); void tipc_link_recv_bundle(struct sk_buff *buf); -int tipc_link_recv_fragment(struct sk_buff **reasm_head, - struct sk_buff **reasm_tail, - struct sk_buff **fbuf); +int tipc_link_frag_rcv(struct sk_buff **reasm_head, + struct sk_buff **reasm_tail, + struct sk_buff **fbuf); void tipc_link_send_proto_msg(struct tipc_link *l_ptr, u32 msg_typ, int prob, u32 gap, u32 tolerance, u32 priority, u32 acked_mtu);