fib_trie: remove potential out of bound access
AddressSanitizer [1] dynamic checker pointed out a potential
out-of-bounds access in leaf_walk_rcu().
We could allocate one more slot in tnode_new() to leave the prefetch()
in place, but it does not look worth the pain.
Bug added in commit 82cfbb0085
("[IPV4] fib_trie: iterator recode")
[1] :
https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent
3b380877d5
commit
aab515d7c3
|
@ -71,7 +71,6 @@
|
||||||
#include <linux/init.h>
|
#include <linux/init.h>
|
||||||
#include <linux/list.h>
|
#include <linux/list.h>
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
#include <linux/prefetch.h>
|
|
||||||
#include <linux/export.h>
|
#include <linux/export.h>
|
||||||
#include <net/net_namespace.h>
|
#include <net/net_namespace.h>
|
||||||
#include <net/ip.h>
|
#include <net/ip.h>
|
||||||
|
@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c)
|
||||||
if (!c)
|
if (!c)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (IS_LEAF(c)) {
|
if (IS_LEAF(c))
|
||||||
prefetch(rcu_dereference_rtnl(p->child[idx]));
|
|
||||||
return (struct leaf *) c;
|
return (struct leaf *) c;
|
||||||
}
|
|
||||||
|
|
||||||
/* Rescan start scanning in new node */
|
/* Rescan start scanning in new node */
|
||||||
p = (struct tnode *) c;
|
p = (struct tnode *) c;
|
||||||
|
|
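Review bot: Nothing at the `if (IS_LEAF(c))` return in leaf_walk_rcu() records why the next child is no longer prefetched, so the `p->child[idx]` read could easily be reintroduced later as an optimisation. The commit message implies that `idx` can already be one past the last child slot at this point, though the loop that advances it lies outside the hunk, so that is inferred rather than visible. I would add a comment above the return, e.g. `/* No prefetch of p->child[idx] here: idx may be one past the last slot of p->child[]. */`. Dropping `#include <linux/prefetch.h>` in the first hunk is only safe if no other prefetch() caller remains in the file, which cannot be confirmed from this page.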