diff options
author | Nathaniel Filardo <nwfilardo@gmail.com> | 2008-02-05 03:05:07 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-02-05 03:05:07 -0800 |
commit | a26af1e08a3a1e0f88e6f2685ac2313d713a59c9 (patch) | |
tree | c4b9cdf04305c094e88e2446ec25f7823d38158e /net/bluetooth | |
parent | cd8d627a6b66d9755637b4dad2083864a9bfce9a (diff) | |
download | op-kernel-dev-a26af1e08a3a1e0f88e6f2685ac2313d713a59c9.zip op-kernel-dev-a26af1e08a3a1e0f88e6f2685ac2313d713a59c9.tar.gz |
tun: impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI
From: "Nathaniel Filardo" <nwfilardo@gmail.com>
Taken from http://bugzilla.kernel.org/show_bug.cgi?id=9806
The TUN/TAP driver only permits one-way transitions of IFF_NO_PI or
IFF_ONE_QUEUE during the lifetime of a tap/tun interface. Note that
tun_set_iff contains
541 if (ifr->ifr_flags & IFF_NO_PI)
542 tun->flags |= TUN_NO_PI;
543
544 if (ifr->ifr_flags & IFF_ONE_QUEUE)
545 tun->flags |= TUN_ONE_QUEUE;
This is easily fixed by adding else branches which clear these bits.
Steps to reproduce:
This is easily reproduced by setting an interface persistant using tunctl then
attempting to open it as IFF_TAP or IFF_TUN, without asserting the IFF_NO_PI
flag. The ioctl() will succeed and the ifr.flags word is not modified, but the
interface remains in IFF_NO_PI mode (as it was set by tunctl).
Acked-by: Maxim Krasnyansky <maxk@qualcomm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth')
0 files changed, 0 insertions, 0 deletions