From patchwork Thu Jan 22 15:35:13 2009
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 3603
From: Jeff Layton
To: stable@kernel.org
Date: Thu, 22 Jan 2009 10:35:13 -0500
Message-Id: <1232638513-9022-1-git-send-email-jlayton@redhat.com>
Cc: linux-fsdevel@vger.kernel.org, smfrench@gmail.com, linux-cifs-client@lists.samba.org, linux-kernel@vger.kernel.org
Subject: [linux-cifs-client] [PATCH -stable] cifs: make sure we allocate enough storage for socket address

cifs_mount declares a struct sockaddr on the stack and then casts it to the proper address type. The storage allocated is fine for ipv4, but is too small for ipv6 addresses. Declare it as "struct sockaddr_storage" instead of "struct sockaddr".

This bug was manifesting itself as oopses and address corruption when mounting IPv6 addresses.

Signed-off-by: Jeff Layton
Tested-by: Stefan Bader

--- fs/cifs/connect.c | 18 +++++++++--------- 1 files changed, 9 insertions(+), 9 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 223647f..f254235 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1349,7 +1349,7 @@ cifs_parse_mount_options(char *options, const char *devname, } static struct TCP_Server_Info * -cifs_find_tcp_session(struct sockaddr *addr) +cifs_find_tcp_session(struct sockaddr_storage *addr) { struct list_head *tmp; struct TCP_Server_Info *server; 
@@ -1369,11 +1369,11 @@ cifs_find_tcp_session(struct sockaddr *addr) if (server->tcpStatus == CifsNew) continue; - if (addr->sa_family == AF_INET && + if (addr->ss_family == AF_INET && (addr4->sin_addr.s_addr != server->addr.sockAddr.sin_addr.s_addr)) continue; - else if (addr->sa_family == AF_INET6 && + else if (addr->ss_family == AF_INET6 && memcmp(&server->addr.sockAddr6.sin6_addr, &addr6->sin6_addr, sizeof(addr6->sin6_addr))) continue; @@ -2027,7 +2027,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, int rc = 0; int xid; struct socket *csocket = NULL; - struct sockaddr addr; + struct sockaddr_storage addr; struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr; struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr; struct smb_vol volume_info; @@ -2039,7 +2039,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */ - memset(&addr, 0, sizeof(struct sockaddr)); + memset(&addr, 0, sizeof(struct sockaddr_storage)); memset(&volume_info, 0, sizeof(struct smb_vol)); if (cifs_parse_mount_options(mount_data, devname, &volume_info)) { rc = -EINVAL; @@ -2069,9 +2069,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, rc = cifs_inet_pton(AF_INET6, volume_info.UNCip, &sin_server6->sin6_addr.in6_u); if (rc > 0) - addr.sa_family = AF_INET6; + addr.ss_family = AF_INET6; } else { - addr.sa_family = AF_INET; + addr.ss_family = AF_INET; } if (rc <= 0) { @@ -2113,7 +2113,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, srvTcp = cifs_find_tcp_session(&addr); if (!srvTcp) { /* create socket */ - if (addr.sa_family == AF_INET6) { + if (addr.ss_family == AF_INET6) { cFYI(1, ("attempting ipv6 connect")); /* BB should we allow ipv6 on port 139? */ /* other OS never observed in Wild doing 139 with v6 */ 
@@ -2144,7 +2144,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, } else { srvTcp->noblocksnd = volume_info.noblocksnd; srvTcp->noautotune = volume_info.noautotune; - if (addr.sa_family == AF_INET6) + if (addr.ss_family == AF_INET6) memcpy(&srvTcp->addr.sockAddr6, sin_server6, sizeof(struct sockaddr_in6)); else
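Review bot: in the cifs_mount hunk at @@ -2039, the memset length is still spelled as a type name, `memset(&addr, 0, sizeof(struct sockaddr_storage));`, so it has to be edited by hand every time the declaration of `addr` changes, as this patch itself shows. Writing `memset(&addr, 0, sizeof(addr));` keeps the cleared length tied to the variable and removes one place where the declared type and the size in use can drift apart.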
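Review bot: at the declaration changed in the @@ -2027 hunk, nothing documents why `addr` has to be a `struct sockaddr_storage`: the object is written through the `sin_server6` cast (the `cifs_inet_pton(AF_INET6, ...)` call in the @@ -2069 hunk stores into `sin_server6->sin6_addr`) and later copied out with `sizeof(struct sockaddr_in6)` in the @@ -2144 hunk. A one-line comment on the declaration saying it must be large enough for either address family would keep a later cleanup from shrinking it back to `struct sockaddr`. The commit message would also be easier to triage for -stable if it named the IPv6 `cifs_inet_pton` store as the write that overruns the old stack object.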