Message ID | 20191211082243.28465-1-ap420073@gmail.com |
---|---|
Series | gtp: fix several bugs in gtp module |
On Wed, 11 Dec 2019 08:22:43 +0000, Taehee Yoo wrote:
> This patchset fixes several bugs in the GTP module.
>
> 1. Do not allow adding duplicate TID and ms_addr pdp context.
> In the current code, duplicate TID and ms_addr pdp context could be added.
> So, RX and TX path could find correct pdp context.
>
> 2. Fix wrong condition in ->dumpit() callback.
> ->dumpit() callback is re-called if dump packet size is too big.
> So, before return, it saves last position and then restart from
> last dump position.
> TID value is used to find last dump position.
> GTP module allows adding zero TID value. But ->dumpit() callback ignores
> zero TID value.
> So, dump would not work correctly if dump packet size too big.
>
> 3. Fix use-after-free in ipv4_pdp_find().
> RX and TX patch always uses gtp->tid_hash and gtp->addr_hash.
> but while packet processing, these hash pointer would be freed.
> So, use-after-free would occur.
>
> 4. Fix panic because of zero size hashtable
> GTP hashtable size could be set by user-space.
> If hashsize is set to 0, hashtable will not work and panic will occur.

Looks good to me, thank you, applied and queued for stable.
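The resume problem in item 2 of the quoted cover letter, as an added user-space C model that is not code from the patch series or the kernel. The bucket contents, `dump_once`, `run_dump` and the `valid` flag are all hypothetical, and the flag is one way to tell a saved zero TID from "no saved position", not necessarily the fix the series applies.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed sample: TIDs in one hash bucket; 0 is a valid TID. */
static const unsigned long bucket[] = { 7, 3, 0, 9 };
#define NENT (sizeof(bucket) / sizeof(bucket[0]))
struct cursor { unsigned long tid; int valid; int done; };

/* One dump call: emit up to `room` entries, save the TID of the first one
 * that did not fit. zero_unset=1 models treating saved TID 0 as "no cursor". */
static size_t dump_once(struct cursor *c, int zero_unset,
                        unsigned long *out, size_t room)
{
    int seeking = zero_unset ? (c->tid != 0) : c->valid;
    size_t n = 0;
    for (size_t i = 0; i < NENT; i++) {
        if (seeking && bucket[i] != c->tid)
            continue;               /* not yet at the saved position */
        seeking = 0;
        if (n == room) {            /* message full: remember this entry */
            c->tid = bucket[i];
            c->valid = 1;
            return n;
        }
        out[n++] = bucket[i];
    }
    c->done = 1;                    /* walked the whole bucket */
    return n;
}
/* Re-call dump_once() until done or max_calls; returns entries emitted. */
static size_t run_dump(int zero_unset, size_t room, int max_calls,
                       unsigned long *all, int *completed)
{
    struct cursor c = { 0, 0, 0 };
    size_t total = 0;
    for (int call = 0; call < max_calls && !c.done; call++)
        total += dump_once(&c, zero_unset, all + total, room);
    *completed = c.done;
    return total;
}
int main(void)
{
    unsigned long all[64];
    int ok;
    size_t n = run_dump(1, 2, 8, all, &ok);   /* zero TID means "no cursor" */
    printf("flawed: %zu entries, completed=%d\n", n, ok);
    n = run_dump(0, 2, 8, all, &ok);          /* explicit valid flag */
    printf("fixed:  %zu entries, completed=%d\n", n, ok);
    return 0;
}
```

With two entries per call, the variant that treats a zero TID as unset restarts from the head of the bucket on every call and never completes, while the variant with an explicit flag emits each of the four TIDs once.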