
Commit aab515d7 authored by Eric Dumazet, committed by David S. Miller

fib_trie: remove potential out of bound access

AddressSanitizer [1] dynamic checker pointed a potential
out of bound access in leaf_walk_rcu()

We could allocate one more slot in tnode_new() to leave the prefetch()
in-place but it looks not worth the pain.

Bug added in commit 82cfbb00 ("[IPV4] fib_trie: iterator recode")

[1] :
https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel



Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 3b380877
+1 −4
@@ -71,7 +71,6 @@
#include <linux/init.h>
#include <linux/list.h>
#include <linux/slab.h>
#include <linux/prefetch.h>
#include <linux/export.h>
#include <net/net_namespace.h>
#include <net/ip.h>
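
Review bot: dropping `#include <linux/prefetch.h>` from the include block is only correct if the prefetch() removed in leaf_walk_rcu() was the last user in this file. The diff shows just that one call going away, so a quick search for other prefetch()/prefetchw() callers in the file before merging would confirm the include is really dead and that the build does not start depending on a transitive include.
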
@@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c)
			if (!c)
				continue;

			if (IS_LEAF(c)) {
				prefetch(rcu_dereference_rtnl(p->child[idx]));
			if (IS_LEAF(c))
				return (struct leaf *) c;
			}

			/* Rescan start scanning in new node */
			p = (struct tnode *) c;
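
Review bot: the commit message should state why idx can be past the end of p->child[] at the removed `prefetch(rcu_dereference_rtnl(p->child[idx]));` in the IS_LEAF(c) branch, since neither the hunk nor the message shows how idx is advanced or what the array bound is. That sentence matters for anyone backporting or auditing: the removed line was not only a cache hint, because rcu_dereference_rtnl() performs a real load of the p->child[idx] slot before prefetch() ever sees the pointer, so an out-of-range idx is a genuine out-of-bounds read. Removing the call rather than guarding it with a bounds check is consistent with the message's "not worth the pain" reasoning and leaves the leaf return path unchanged; a short note on whether the lost prefetch has any measurable effect on route dumps would round out the change.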