forked from luck/tmp_suning_uos_patched
fib_trie: remove potential out of bound access
AddressSanitizer [1] dynamic checker pointed a potential
out of bound access in leaf_walk_rcu()
We could allocate one more slot in tnode_new() to leave the prefetch()
in-place but it looks not worth the pain.
Bug added in commit 82cfbb0085
("[IPV4] fib_trie: iterator recode")
[1] :
https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
3b380877d5
commit
aab515d7c3
|
@ -71,7 +71,6 @@
|
|||
#include <linux/init.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/prefetch.h>
|
||||
#include <linux/export.h>
|
||||
#include <net/net_namespace.h>
|
||||
#include <net/ip.h>
|
||||
|
@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c)
|
|||
if (!c)
|
||||
continue;
|
||||
|
||||
if (IS_LEAF(c)) {
|
||||
prefetch(rcu_dereference_rtnl(p->child[idx]));
|
||||
if (IS_LEAF(c))
|
||||
return (struct leaf *) c;
|
||||
}
|
||||
|
||||
/* Rescan start scanning in new node */
|
||||
p = (struct tnode *) c;
|
||||
|
|
Loading…
Reference in New Issue
Block a user