tipc: Fix minor bugs in link session number handling

This patch introduces a new, out-of-range value to indicate that a link endpoint does not have an existing session established with its peer, eliminating the risk that the previously used "invalid session number" value (i.e. zero) might eventually be assigned as a valid session number and cause incorrect link behavior. The patch also introduces explicit bit masking when assigning a new link session number to ensure it does not exceed 16 bits. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>

tipc: Fix minor bugs in link session number handling
This patch introduces a new, out-of-range value to indicate that a link endpoint does not have an existing session established with its peer, eliminating the risk that the previously used "invalid session number" value (i.e. zero) might eventually be assigned as a valid session number and cause incorrect link behavior. The patch also introduces explicit bit masking when assigning a new link session number to ensure it does not exceed 16 bits. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
a686e685 · Allan Stephens · David S. Miller · e0d4e3d0 · a686e685
Commit a686e685 authored Jun 04, 2008 by Allan Stephens Committed by David S. Miller Jun 04, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 5 deletions

net/tipc/link.c net/tipc/link.c +12 -5

No files found.
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -50,6 +50,12 @@
 #include "bcast.h"


+/*
+ * Out-of-range value for link session numbers
+ */
+
+#define INVALID_SESSION 0x10000
+
 /*
 * Limit for deferred reception queue:
 */
@@ -464,7 +470,7 @@ struct link *tipc_link_create(struct bearer *b_ptr, const u32 peer,
 	msg = l_ptr->pmsg;
 	msg_init(msg, LINK_PROTOCOL, RESET_MSG, TIPC_OK, INT_H_SIZE, l_ptr->addr);
 	msg_set_size(msg, sizeof(l_ptr->proto_msg));
-	msg_set_session(msg, tipc_random);
+	msg_set_session(msg, (tipc_random & 0xffff));
 	msg_set_bearer_id(msg, b_ptr->identity);
 	strcpy((char *)msg_data(msg), if_name);

@@ -705,10 +711,10 @@ void tipc_link_reset(struct link *l_ptr)
 	u32 checkpoint = l_ptr->next_in_no;
 	int was_active_link = tipc_link_is_active(l_ptr);

-	msg_set_session(l_ptr->pmsg, msg_session(l_ptr->pmsg) + 1);
+	msg_set_session(l_ptr->pmsg, ((msg_session(l_ptr->pmsg) + 1) & 0xffff));

-	/* Link is down, accept any session: */
-	l_ptr->peer_session = 0;
+	/* Link is down, accept any session */
+	l_ptr->peer_session = INVALID_SESSION;

 	/* Prepare for max packet size negotiation */
 	link_init_max_pkt(l_ptr);
@@ -2275,7 +2281,8 @@ static void link_recv_proto_msg(struct link *l_ptr, struct sk_buff *buf)
 	switch (msg_type(msg)) {

 	case RESET_MSG:
-		if (!link_working_unknown(l_ptr) && l_ptr->peer_session) {
+		if (!link_working_unknown(l_ptr) &&
+		    (l_ptr->peer_session != INVALID_SESSION)) {
 			if (msg_session(msg) == l_ptr->peer_session) {
 				dbg("Duplicate RESET: %u<->%u\n",
 				    msg_session(msg), l_ptr->peer_session);