selftests/net: psock_fanout seg faults in sock_fanout_read_ring()

The while loop in sock_fanout_read_ring() checks mmap region bounds after access, causing it to segfault. Fix it to check count before accessing header->tp_status. This problem can be reproduced consistently when the test in run as follows: make -C tools/testing/selftests TARGETS=net run_tests or make run_tests from tools/testing/selftests or make run_test from tools/testing/selftests/net Signed-off-by: N Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

selftests/net: psock_fanout seg faults in sock_fanout_read_ring()
The while loop in sock_fanout_read_ring() checks mmap region bounds after access, causing it to segfault. Fix it to check count before accessing header->tp_status. This problem can be reproduced consistently when the test in run as follows: make -C tools/testing/selftests TARGETS=net run_tests or make run_tests from tools/testing/selftests or make run_test from tools/testing/selftests/net Signed-off-by: N Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
fbf8e721 · Shuah Khan · David S. Miller · caa13a9f · fbf8e721
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

tools/testing/selftests/net/psock_fanout.c tools/testing/selftests/net/psock_fanout.c +1 -1

未找到文件。
--- a/tools/testing/selftests/net/psock_fanout.c
+++ b/tools/testing/selftests/net/psock_fanout.c
@@ -128,7 +128,7 @@ static int sock_fanout_read_ring(int fd, void *ring)
 	struct tpacket2_hdr *header = ring;
 	int count = 0;
-	while (header->tp_status & TP_STATUS_USER && count < RING_NUM_FRAMES) {
+	while (count < RING_NUM_FRAMES && header->tp_status & TP_STATUS_USER) {
 		count++;
 		header = ring + (count * getpagesize());
 	}