Patch "fib_trie: remove potential out of bound access" has been added to the 3.4-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    fib_trie: remove potential out of bound access

to the 3.4-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fib_trie-remove-potential-out-of-bound-access.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 28561e4df3d4d37ea5dbf01cd8623a5fe2dbb369 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <eduma...@google.com>
Date: Mon, 5 Aug 2013 11:18:49 -0700
Subject: fib_trie: remove potential out of bound access

From: Eric Dumazet <eduma...@google.com>

[ Upstream commit aab515d7c32a34300312416c50314e755ea6f765 ]

AddressSanitizer [1] dynamic checker pointed a potential
out of bound access in leaf_walk_rcu()

We could allocate one more slot in tnode_new() to leave the prefetch()
in-place but it looks not worth the pain.

Bug added in commit 82cfbb008572b ("[IPV4] fib_trie: iterator recode")

[1] :
https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel

Reported-by: Andrey Konovalov <andreyk...@google.com>
Signed-off-by: Eric Dumazet <eduma...@google.com>
Cc: Dmitry Vyukov <dvyu...@google.com>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
 net/ipv4/fib_trie.c |    5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -71,7 +71,6 @@
 #include <linux/init.h>
 #include <linux/list.h>
 #include <linux/slab.h>
-#include <linux/prefetch.h>
 #include <linux/export.h>
 #include <net/net_namespace.h>
 #include <net/ip.h>
@@ -1772,10 +1771,8 @@ static struct leaf *leaf_walk_rcu(struct
                        if (!c)
                                continue;
 
-                       if (IS_LEAF(c)) {
-                               prefetch(rcu_dereference_rtnl(p->child[idx]));
+                       if (IS_LEAF(c))
                                return (struct leaf *) c;
-                       }
 
                        /* Rescan start scanning in new node */
                        p = (struct tnode *) c;


Patches currently in stable-queue which might be from eduma...@google.com are

queue-3.4/tcp-cubic-fix-overflow-error-in-bictcp_update.patch
queue-3.4/tcp-cubic-fix-bug-in-bictcp_acked.patch
queue-3.4/net-ipv6-tcp-fix-potential-use-after-free-in-tcp_v6_do_rcv.patch
queue-3.4/net-check-net.core.somaxconn-sysctl-values.patch
queue-3.4/htb-fix-sign-extension-bug.patch
queue-3.4/fib_trie-remove-potential-out-of-bound-access.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html