Message ID | YM32lkJIJdSgpR87@mwanda (mailing list archive) |
---|---|
State | Accepted |
Commit | 753ba09aa3ea14b593b168d3ef541da00f4659f5 |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [net-next] net: qualcomm: rmnet: fix two pointer math bugs | expand |
Context | Check | Description |
---|---|---|
netdev/cover_letter | success | Link |
netdev/fixes_present | success | Link |
netdev/patch_count | success | Link |
netdev/tree_selection | success | Clearly marked for net-next |
netdev/subject_prefix | success | Link |
netdev/cc_maintainers | success | CCed 5 of 5 maintainers |
netdev/source_inline | success | Was 0 now: 0 |
netdev/verify_signedoff | success | Link |
netdev/module_param | success | Was 0 now: 0 |
netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
netdev/verify_fixes | success | Link |
netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 16 lines checked |
netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
netdev/header_inline | success | Link |
On 2021-06-19 07:52, Dan Carpenter wrote: > We recently changed these two pointers from void pointers to struct > pointers and it breaks the pointer math so now the "txphdr" points > beyond the end of the buffer. > > Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded > casts") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c > b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c > index 3ee5c1a8b46e..3676976c875b 100644 > --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c > +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c > @@ -168,7 +168,7 @@ static void > rmnet_map_complement_ipv4_txporthdr_csum_field(struct iphdr *ip4h) > void *txphdr; > u16 *csum; > > - txphdr = ip4h + ip4h->ihl * 4; > + txphdr = (void *)ip4h + ip4h->ihl * 4; > > if (ip4h->protocol == IPPROTO_TCP || ip4h->protocol == IPPROTO_UDP) { > csum = (u16 *)rmnet_map_get_csum_field(ip4h->protocol, txphdr); > @@ -203,7 +203,7 @@ > rmnet_map_complement_ipv6_txporthdr_csum_field(struct ipv6hdr *ip6h) > void *txphdr; > u16 *csum; > > - txphdr = ip6h + sizeof(struct ipv6hdr); > + txphdr = ip6h + 1; > > if (ip6h->nexthdr == IPPROTO_TCP || ip6h->nexthdr == IPPROTO_UDP) { > csum = (u16 *)rmnet_map_get_csum_field(ip6h->nexthdr, txphdr); Hi Dan Thanks for fixing this. Could you cast the ip4h to char* instead of void*. Looks like gcc might raise issues if -Wpointer-arith is used. https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith
On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org wrote: > On 2021-06-19 07:52, Dan Carpenter wrote: > > Hi Dan > > Thanks for fixing this. Could you cast the ip4h to char* instead of void*. > Looks like gcc might raise issues if -Wpointer-arith is used. > > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith The fix for that is to not enable -Wpointer-arith. The warning is dumb. regards, dan carpenter
On Mon, Jun 21, 2021 at 10:11:58AM +0300, Dan Carpenter wrote: > On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org wrote: > > On 2021-06-19 07:52, Dan Carpenter wrote: > > > > Hi Dan > > > > Thanks for fixing this. Could you cast the ip4h to char* instead of void*. > > Looks like gcc might raise issues if -Wpointer-arith is used. > > > > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith > > The fix for that is to not enable -Wpointer-arith. The warning is dumb. Sorry, that was uncalled for and not correct. The GCC warning would be useful if we were trying to write portable userspace code. But in the kernel the kernel uses GCC extensions a lot. The Clang compiler can also compile the kernel these days. But it had to add support for a bunch of GCC extensions to make that work. Really most of linux userspace is written with GCC in mind so Clang had to do this anyway. So we will never enable -Wpointer-arith in the kernel because there is no need. regards, dan carpenter
On 2021-06-21 01:18, Dan Carpenter wrote: > On Mon, Jun 21, 2021 at 10:11:58AM +0300, Dan Carpenter wrote: >> On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org >> wrote: >> > On 2021-06-19 07:52, Dan Carpenter wrote: >> > >> > Hi Dan >> > >> > Thanks for fixing this. Could you cast the ip4h to char* instead of void*. >> > Looks like gcc might raise issues if -Wpointer-arith is used. >> > >> > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith >> >> The fix for that is to not enable -Wpointer-arith. The warning is >> dumb. > > Sorry, that was uncalled for and not correct. The GCC warning would be > useful if we were trying to write portable userspace code. But in the > kernel the kernel uses GCC extensions a lot. > > The Clang compiler can also compile the kernel these days. But it had > to add support for a bunch of GCC extensions to make that work. Really > most of linux userspace is written with GCC in mind so Clang had to do > this anyway. > > So we will never enable -Wpointer-arith in the kernel because there is > no need. > > regards, > dan carpenter Thanks for the clarification. Reviewed-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Hello: This patch was applied to netdev/net-next.git (refs/heads/master): On Sat, 19 Jun 2021 16:52:22 +0300 you wrote: > We recently changed these two pointers from void pointers to struct > pointers and it breaks the pointer math so now the "txphdr" points > beyond the end of the buffer. > > Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded casts") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > [...] Here is the summary with links: - [net-next] net: qualcomm: rmnet: fix two pointer math bugs https://git.kernel.org/netdev/net-next/c/753ba09aa3ea You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c index 3ee5c1a8b46e..3676976c875b 100644 --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c @@ -168,7 +168,7 @@ static void rmnet_map_complement_ipv4_txporthdr_csum_field(struct iphdr *ip4h) void *txphdr; u16 *csum; - txphdr = ip4h + ip4h->ihl * 4; + txphdr = (void *)ip4h + ip4h->ihl * 4; if (ip4h->protocol == IPPROTO_TCP || ip4h->protocol == IPPROTO_UDP) { csum = (u16 *)rmnet_map_get_csum_field(ip4h->protocol, txphdr); @@ -203,7 +203,7 @@ rmnet_map_complement_ipv6_txporthdr_csum_field(struct ipv6hdr *ip6h) void *txphdr; u16 *csum; - txphdr = ip6h + sizeof(struct ipv6hdr); + txphdr = ip6h + 1; if (ip6h->nexthdr == IPPROTO_TCP || ip6h->nexthdr == IPPROTO_UDP) { csum = (u16 *)rmnet_map_get_csum_field(ip6h->nexthdr, txphdr);
We recently changed these two pointers from void pointers to struct pointers and it breaks the pointer math so now the "txphdr" points beyond the end of the buffer. Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded casts") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)