Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aba36930 authored by Willem de Bruijn's avatar Willem de Bruijn Committed by David S. Miller
Browse files

net: always initialize pagedlen 



In ip packet generation, pagedlen is initialized for each skb at the
start of the loop in __ip(6)_append_data, before label alloc_new_skb.

Depending on compiler options, code can be generated that jumps to
this label, triggering use of an an uninitialized variable.

In practice, at -O2, the generated code moves the initialization below
the label. But the code should not rely on that for correctness.

Fixes: 15e36f5b ("udp: paged allocation with gso")
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9efdda4e

net/ipv4/ip_output.c

+2 −1
Original line number Diff line number Diff line
@@ -939,7 +939,7 @@ static int __ip_append_data(struct sock *sk, 
			unsigned int fraglen;

			unsigned int fraggap;

			unsigned int alloclen;

			unsigned int pagedlen = 0;

			unsigned int pagedlen;

			struct sk_buff *skb_prev;

alloc_new_skb:

			skb_prev = skb;
@@ -956,6 +956,7 @@ static int __ip_append_data(struct sock *sk, 
			if (datalen > mtu - fragheaderlen)

				datalen = maxfraglen - fragheaderlen;

			fraglen = datalen + fragheaderlen;

			pagedlen = 0;



			if ((flags & MSG_MORE) &&

			    !(rt->dst.dev->features&NETIF_F_SG))

net/ipv6/ip6_output.c

+2 −1
Original line number Diff line number Diff line
@@ -1354,7 +1354,7 @@ static int __ip6_append_data(struct sock *sk, 
			unsigned int fraglen;

			unsigned int fraggap;

			unsigned int alloclen;

			unsigned int pagedlen = 0;

			unsigned int pagedlen;

alloc_new_skb:

			/* There's no room in the current skb */

			if (skb)
@@ -1378,6 +1378,7 @@ static int __ip6_append_data(struct sock *sk, 
			if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)

				datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;

			fraglen = datalen + fragheaderlen;

			pagedlen = 0;



			if ((flags & MSG_MORE) &&

			    !(rt->dst.dev->features&NETIF_F_SG))