All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table
@ 2018-12-26  8:34 YueHaibing
  2018-12-29  5:15 ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: YueHaibing @ 2018-12-26  8:34 UTC (permalink / raw)
  To: davem, kuznet, yoshfuji; +Cc: linux-kernel, netdev, YueHaibing

gcc warn this:
net/ipv4/fib_rules.c:203 fib_empty_table() warn:
 always true condition '(id <= 4294967295) => (0-u32max <= u32max)'

'id' is u32, which always not greater than RT_TABLE_MAX
(0xFFFFFFFF), So add a check to break while wrap around.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
 net/ipv4/fib_rules.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index f8eb78d..1567e12 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -200,9 +200,13 @@ static struct fib_table *fib_empty_table(struct net *net)
 {
 	u32 id;
 
-	for (id = 1; id <= RT_TABLE_MAX; id++)
+	for (id = 1; id <= RT_TABLE_MAX; id++) {
 		if (!fib_get_table(net, id))
 			return fib_new_table(net, id);
+
+		if (id == RT_TABLE_MAX)
+			break;
+	}
 	return NULL;
 }
 
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table
  2018-12-26  8:34 [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table YueHaibing
@ 2018-12-29  5:15 ` David Miller
  2018-12-29  6:46   ` YueHaibing
  0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2018-12-29  5:15 UTC (permalink / raw)
  To: yuehaibing; +Cc: kuznet, yoshfuji, linux-kernel, netdev

From: YueHaibing <yuehaibing@huawei.com>
Date: Wed, 26 Dec 2018 16:34:20 +0800

> diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
> index f8eb78d..1567e12 100644
> --- a/net/ipv4/fib_rules.c
> +++ b/net/ipv4/fib_rules.c
> @@ -200,9 +200,13 @@ static struct fib_table *fib_empty_table(struct net *net)
>  {
>  	u32 id;
>  
> -	for (id = 1; id <= RT_TABLE_MAX; id++)
> +	for (id = 1; id <= RT_TABLE_MAX; id++) {
>  		if (!fib_get_table(net, id))
>  			return fib_new_table(net, id);
> +
> +		if (id == RT_TABLE_MAX)
> +			break;
> +	}
>  	return NULL;
>  }

The loop now has two exit conditions, one of which (by your analysis
is completely impossible).

Please clean this up into a loop with better structure and no
impossible tests.  One approach could be simply:

	id = 1;
	while (1) {
	...
		if (id++ == RT_TABLE_MAX)
			break;
	}

Or even:

	id = 0;
	while (++id) {
	...
	}

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table
  2018-12-29  5:15 ` David Miller
@ 2018-12-29  6:46   ` YueHaibing
  0 siblings, 0 replies; 3+ messages in thread
From: YueHaibing @ 2018-12-29  6:46 UTC (permalink / raw)
  To: David Miller; +Cc: kuznet, yoshfuji, linux-kernel, netdev


On 2018/12/29 13:15, David Miller wrote:
> From: YueHaibing <yuehaibing@huawei.com>
> Date: Wed, 26 Dec 2018 16:34:20 +0800
> 
>> diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
>> index f8eb78d..1567e12 100644
>> --- a/net/ipv4/fib_rules.c
>> +++ b/net/ipv4/fib_rules.c
>> @@ -200,9 +200,13 @@ static struct fib_table *fib_empty_table(struct net *net)
>>  {
>>  	u32 id;
>>  
>> -	for (id = 1; id <= RT_TABLE_MAX; id++)
>> +	for (id = 1; id <= RT_TABLE_MAX; id++) {
>>  		if (!fib_get_table(net, id))
>>  			return fib_new_table(net, id);
>> +
>> +		if (id == RT_TABLE_MAX)
>> +			break;
>> +	}
>>  	return NULL;
>>  }
> 
> The loop now has two exit conditions, one of which (by your analysis
> is completely impossible).
> 

Thanks, will do it in v2.

> Please clean this up into a loop with better structure and no
> impossible tests.  One approach could be simply:
> 
> 	id = 1;
> 	while (1) {
> 	...
> 		if (id++ == RT_TABLE_MAX)
> 			break;
> 	}
> 
> Or even:
> 
> 	id = 0;
> 	while (++id) {
> 	...
> 	}
> 
> .
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-12-29  6:47 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-26  8:34 [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table YueHaibing
2018-12-29  5:15 ` David Miller
2018-12-29  6:46   ` YueHaibing

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.