This is a false positive. msg_bearer_id() returns a number between
0-1ffff so it can't overflow. I remember fixing this bug on my computer
but I may not have pushed the fix. I'll check.
regards,
dan carpenter
On Fri, Jul 31, 2015 at 01:03:18PM +0800, kbuild test robot wrote:
> TO: Jon Paul Maloy <jon.ma...@ericsson.com>
> CC: kbuild-...@01.org
> CC: Ying Xue <ying....@windriver.com>
>
> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> master
> head: 8400935737bf02d97da281bdcd139a421624b6ba
> commit: dff29b1a88524fe6afe296d6c477c491d1e02af0 tipc: eliminate delayed link
> deletion at link failover
> date: 4 months ago
> :::::: branch date: 86 minutes ago
> :::::: commit date: 4 months ago
>
> net/tipc/link.c:1768 tipc_link_failover_rcv() error: buffer overflow
> 'link->owner->links' 2 <= s32max
>
> git remote add linus
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> git remote update linus
> git checkout dff29b1a88524fe6afe296d6c477c491d1e02af0
> vim +1768 net/tipc/link.c
>
> 2da71425 Jon Paul Maloy 2015-04-02 1752 struct tipc_msg *msg =
> buf_msg(*skb);
> 2da71425 Jon Paul Maloy 2015-04-02 1753 struct sk_buff *iskb = NULL;
> dff29b1a Jon Paul Maloy 2015-04-02 1754 struct tipc_link *pl = NULL;
> 2da71425 Jon Paul Maloy 2015-04-02 1755 int bearer_id =
> msg_bearer_id(msg);
> c1336ee4 Jon Paul Maloy 2015-03-13 1756 int pos = 0;
> f006c9c7 Jon Paul Maloy 2014-02-13 1757
> dff29b1a Jon Paul Maloy 2015-04-02 1758 if (msg_type(msg) !=
> FAILOVER_MSG) {
> 2da71425 Jon Paul Maloy 2015-04-02 1759 pr_warn("%sunknown
> tunnel pkt received\n", link_co_err);
> 2da71425 Jon Paul Maloy 2015-04-02 1760 goto exit;
> 2da71425 Jon Paul Maloy 2015-04-02 1761 }
> 2da71425 Jon Paul Maloy 2015-04-02 1762 if (bearer_id >= MAX_BEARERS)
> 2da71425 Jon Paul Maloy 2015-04-02 1763 goto exit;
> dff29b1a Jon Paul Maloy 2015-04-02 1764
> dff29b1a Jon Paul Maloy 2015-04-02 1765 if (bearer_id ==
> link->bearer_id)
> 2da71425 Jon Paul Maloy 2015-04-02 1766 goto exit;
> f006c9c7 Jon Paul Maloy 2014-02-13 1767
> dff29b1a Jon Paul Maloy 2015-04-02 @1768 pl =
> link->owner->links[bearer_id];
> dff29b1a Jon Paul Maloy 2015-04-02 1769 if (pl && tipc_link_is_up(pl))
> dff29b1a Jon Paul Maloy 2015-04-02 1770 tipc_link_reset(pl);
> dff29b1a Jon Paul Maloy 2015-04-02 1771
> dff29b1a Jon Paul Maloy 2015-04-02 1772 if (link->failover_pkts ==
> FIRST_FAILOVER)
> dff29b1a Jon Paul Maloy 2015-04-02 1773 link->failover_pkts =
> msg_msgcnt(msg);
> f006c9c7 Jon Paul Maloy 2014-02-13 1774
> 2da71425 Jon Paul Maloy 2015-04-02 1775 /* Should we expect an inner
> packet? */
> dff29b1a Jon Paul Maloy 2015-04-02 1776 if (!link->failover_pkts)
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
_______________________________________________
kbuild mailing list
kbuild@lists.01.org
https://lists.01.org/mailman/listinfo/kbuild
