kernel-janitors.vger.kernel.org archive mirror
* [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs
@ 2021-06-19 13:52 Dan Carpenter
  2021-06-19 19:12 ` subashab
  2021-06-21 19:30 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 6+ messages in thread
From: Dan Carpenter @ 2021-06-19 13:52 UTC (permalink / raw)
  To: Subash Abhinov Kasiviswanathan
  Cc: Sean Tranchetti, David S. Miller, Jakub Kicinski, netdev,
	kernel-janitors

We recently changed these two pointers from void pointers to struct
pointers and it breaks the pointer math so now the "txphdr" points
beyond the end of the buffer.

Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded casts")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
index 3ee5c1a8b46e..3676976c875b 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
@@ -168,7 +168,7 @@ static void rmnet_map_complement_ipv4_txporthdr_csum_field(struct iphdr *ip4h)
 	void *txphdr;
 	u16 *csum;
 
-	txphdr = ip4h + ip4h->ihl * 4;
+	txphdr = (void *)ip4h + ip4h->ihl * 4;
 
 	if (ip4h->protocol == IPPROTO_TCP || ip4h->protocol == IPPROTO_UDP) {
 		csum = (u16 *)rmnet_map_get_csum_field(ip4h->protocol, txphdr);
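Review bot: nothing visible in this hunk bounds ip4h->ihl before it becomes a byte offset in "txphdr = (void *)ip4h + ip4h->ihl * 4;", and the result goes straight to rmnet_map_get_csum_field() to locate the checksum field. If the callers already guarantee that ihl * 4 bytes plus the transport header lie inside the linear buffer, a one-line comment saying so would help; otherwise a length check belongs before this assignment. The changelog could also say by how much the old expression overshot (ihl * 4 elements of struct iphdr rather than ihl * 4 bytes), which makes the severity easier to judge for backports.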
@@ -203,7 +203,7 @@ rmnet_map_complement_ipv6_txporthdr_csum_field(struct ipv6hdr *ip6h)
 	void *txphdr;
 	u16 *csum;
 
-	txphdr = ip6h + sizeof(struct ipv6hdr);
+	txphdr = ip6h + 1;
 
 	if (ip6h->nexthdr == IPPROTO_TCP || ip6h->nexthdr == IPPROTO_UDP) {
 		csum = (u16 *)rmnet_map_get_csum_field(ip6h->nexthdr, txphdr);
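Review bot: the two fixes spell the same operation in different idioms, byte arithmetic through a (void *) cast in the IPv4 function and element arithmetic "txphdr = ip6h + 1;" here. Both are correct, but either a short comment (for example "skip the fixed IPv6 header") or the matching form "(void *)ip6h + sizeof(*ip6h)" would keep the two functions reading alike and make it harder for a later cast cleanup to reintroduce the scaling bug.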
-- 
2.30.2
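
Added example, not part of the thread or of the rmnet driver: it measures how far each form of the expression in the patch moves the pointer, using constructed stand-in structs (`demo_iphdr`, `demo_ipv6hdr`) that have the real fixed header sizes. The function names and the `csum_in_packet` helper are hypothetical, and `char *` is used for the byte arithmetic so the block also builds as strict ISO C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins with the real fixed header sizes (20 and 40 bytes). */
struct demo_iphdr   { uint8_t bytes[20]; };
struct demo_ipv6hdr { uint8_t bytes[40]; };

/* Big enough that even the mis-scaled pointers stay inside the arrays. */
static struct demo_iphdr   v4_area[64];  /* ihl <= 15, so ihl * 4 <= 60 */
static struct demo_ipv6hdr v6_area[41];

/* Pre-fix IPv4 form: the struct pointer scales ihl * 4 by sizeof(*h). */
size_t v4_off_typed(unsigned ihl)
{
	struct demo_iphdr *h = v4_area;
	return (size_t)((char *)(h + (ihl & 0xf) * 4) - (char *)h);
}

/* Byte arithmetic; char * is the portable spelling of the (void *) cast. */
size_t v4_off_bytes(unsigned ihl)
{
	struct demo_iphdr *h = v4_area;
	return (size_t)(((char *)h + (ihl & 0xf) * 4) - (char *)h);
}

/* Pre-fix IPv6 form: advances sizeof(struct) elements, not bytes. */
size_t v6_off_typed(void)
{
	struct demo_ipv6hdr *h = v6_area;
	return (size_t)((char *)(h + sizeof(struct demo_ipv6hdr)) - (char *)h);
}

/* Fixed IPv6 form: one element is exactly one header. */
size_t v6_off_fixed(void)
{
	struct demo_ipv6hdr *h = v6_area;
	return (size_t)((char *)(h + 1) - (char *)h);
}

/* Does a 2-byte checksum at csum_off into the transport header fit? */
int csum_in_packet(size_t l4_off, size_t csum_off, size_t pkt_len)
{
	return l4_off + csum_off + 2 <= pkt_len;
}

int main(void)
{
	printf("v4 typed=%zu bytes=%zu, v6 typed=%zu fixed=%zu\n",
	       v4_off_typed(5), v4_off_bytes(5), v6_off_typed(), v6_off_fixed());
	return 0;
}
```

With the TCP checksum at offset 16 of its header, `csum_in_packet(v4_off_bytes(5), 16, 40)` holds for a constructed 40-byte IPv4+TCP packet, while the same check with `v4_off_typed(5)` fails.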



* Re: [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs
  2021-06-19 13:52 [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs Dan Carpenter
@ 2021-06-19 19:12 ` subashab
  2021-06-21  7:11   ` Dan Carpenter
  2021-06-21 19:30 ` patchwork-bot+netdevbpf
  1 sibling, 1 reply; 6+ messages in thread
From: subashab @ 2021-06-19 19:12 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Sean Tranchetti, David S. Miller, Jakub Kicinski, netdev,
	kernel-janitors

On 2021-06-19 07:52, Dan Carpenter wrote:
> We recently changed these two pointers from void pointers to struct
> pointers and it breaks the pointer math so now the "txphdr" points
> beyond the end of the buffer.
> 
> Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded 
> casts")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> index 3ee5c1a8b46e..3676976c875b 100644
> --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> @@ -168,7 +168,7 @@ static void
> rmnet_map_complement_ipv4_txporthdr_csum_field(struct iphdr *ip4h)
>  	void *txphdr;
>  	u16 *csum;
> 
> -	txphdr = ip4h + ip4h->ihl * 4;
> +	txphdr = (void *)ip4h + ip4h->ihl * 4;
> 
>  	if (ip4h->protocol == IPPROTO_TCP || ip4h->protocol == IPPROTO_UDP) {
>  		csum = (u16 *)rmnet_map_get_csum_field(ip4h->protocol, txphdr);
> @@ -203,7 +203,7 @@
> rmnet_map_complement_ipv6_txporthdr_csum_field(struct ipv6hdr *ip6h)
>  	void *txphdr;
>  	u16 *csum;
> 
> -	txphdr = ip6h + sizeof(struct ipv6hdr);
> +	txphdr = ip6h + 1;
> 
>  	if (ip6h->nexthdr == IPPROTO_TCP || ip6h->nexthdr == IPPROTO_UDP) {
>  		csum = (u16 *)rmnet_map_get_csum_field(ip6h->nexthdr, txphdr);

Hi Dan

Thanks for fixing this. Could you cast the ip4h to char* instead of 
void*.
Looks like gcc might raise issues if -Wpointer-arith is used.

https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith


* Re: [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs
  2021-06-19 19:12 ` subashab
@ 2021-06-21  7:11   ` Dan Carpenter
  2021-06-21  7:18     ` Dan Carpenter
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2021-06-21  7:11 UTC (permalink / raw)
  To: subashab
  Cc: Sean Tranchetti, David S. Miller, Jakub Kicinski, netdev,
	kernel-janitors

On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org wrote:
> On 2021-06-19 07:52, Dan Carpenter wrote:
> 
> Hi Dan
> 
> Thanks for fixing this. Could you cast the ip4h to char* instead of void*.
> Looks like gcc might raise issues if -Wpointer-arith is used.
> 
> https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith

The fix for that is to not enable -Wpointer-arith.  The warning is dumb.

regards,
dan carpenter


* Re: [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs
  2021-06-21  7:11   ` Dan Carpenter
@ 2021-06-21  7:18     ` Dan Carpenter
  2021-06-21 16:44       ` subashab
  0 siblings, 1 reply; 6+ messages in thread
From: Dan Carpenter @ 2021-06-21  7:18 UTC (permalink / raw)
  To: subashab
  Cc: Sean Tranchetti, David S. Miller, Jakub Kicinski, netdev,
	kernel-janitors

On Mon, Jun 21, 2021 at 10:11:58AM +0300, Dan Carpenter wrote:
> On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org wrote:
> > On 2021-06-19 07:52, Dan Carpenter wrote:
> > 
> > Hi Dan
> > 
> > Thanks for fixing this. Could you cast the ip4h to char* instead of void*.
> > Looks like gcc might raise issues if -Wpointer-arith is used.
> > 
> > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith
> 
> The fix for that is to not enable -Wpointer-arith.  The warning is dumb.

Sorry, that was uncalled for and not correct.  The GCC warning would be
useful if we were trying to write portable userspace code.  But in the
kernel the kernel uses GCC extensions a lot.

The Clang compiler can also compile the kernel these days.  But it had
to add support for a bunch of GCC extensions to make that work.  Really
most of linux userspace is written with GCC in mind so Clang had to do
this anyway.

So we will never enable -Wpointer-arith in the kernel because there is
no need.

regards,
dan carpenter


* Re: [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs
  2021-06-21  7:18     ` Dan Carpenter
@ 2021-06-21 16:44       ` subashab
  0 siblings, 0 replies; 6+ messages in thread
From: subashab @ 2021-06-21 16:44 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Sean Tranchetti, David S. Miller, Jakub Kicinski, netdev,
	kernel-janitors

On 2021-06-21 01:18, Dan Carpenter wrote:
> On Mon, Jun 21, 2021 at 10:11:58AM +0300, Dan Carpenter wrote:
>> On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org 
>> wrote:
>> > On 2021-06-19 07:52, Dan Carpenter wrote:
>> >
>> > Hi Dan
>> >
>> > Thanks for fixing this. Could you cast the ip4h to char* instead of void*.
>> > Looks like gcc might raise issues if -Wpointer-arith is used.
>> >
>> > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith
>> 
>> The fix for that is to not enable -Wpointer-arith.  The warning is 
>> dumb.
> 
> Sorry, that was uncalled for and not correct.  The GCC warning would be
> useful if we were trying to write portable userspace code.  But in the
> kernel the kernel uses GCC extensions a lot.
> 
> The Clang compiler can also compile the kernel these days.  But it had
> to add support for a bunch of GCC extensions to make that work.  Really
> most of linux userspace is written with GCC in mind so Clang had to do
> this anyway.
> 
> So we will never enable -Wpointer-arith in the kernel because there is
> no need.
> 
> regards,
> dan carpenter

Thanks for the clarification.

Reviewed-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>


* Re: [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs
  2021-06-19 13:52 [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs Dan Carpenter
  2021-06-19 19:12 ` subashab
@ 2021-06-21 19:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 6+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-06-21 19:30 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: subashab, stranche, davem, kuba, netdev, kernel-janitors

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Sat, 19 Jun 2021 16:52:22 +0300 you wrote:
> We recently changed these two pointers from void pointers to struct
> pointers and it breaks the pointer math so now the "txphdr" points
> beyond the end of the buffer.
> 
> Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded casts")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> [...]

Here is the summary with links:
  - [net-next] net: qualcomm: rmnet: fix two pointer math bugs
    https://git.kernel.org/netdev/net-next/c/753ba09aa3ea

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


