[net-next] net: qualcomm: rmnet: fix two pointer math bugs

Message ID	YM32lkJIJdSgpR87@mwanda (mailing list archive)
State	Accepted
Commit	753ba09aa3ea14b593b168d3ef541da00f4659f5
Delegated to:	Netdev Maintainers
Headers	show Return-Path: <netdev-owner@kernel.org> Date: Sat, 19 Jun 2021 16:52:22 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Cc: Sean Tranchetti <stranche@codeaurora.org>, "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH net-next] net: qualcomm: rmnet: fix two pointer math bugs Message-ID: <YM32lkJIJdSgpR87@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: bulk
Series	[net-next] net: qualcomm: rmnet: fix two pointer math bugs \| expand [net-next] net: qualcomm: rmnet: fix two pointer math bugs

Context	Check	Description
netdev/cover_letter	success	Link
netdev/fixes_present	success	Link
netdev/patch_count	success	Link
netdev/tree_selection	success	Clearly marked for net-next
netdev/subject_prefix	success	Link
netdev/cc_maintainers	success	CCed 5 of 5 maintainers
netdev/source_inline	success	Was 0 now: 0
netdev/verify_signedoff	success	Link
netdev/module_param	success	Was 0 now: 0
netdev/build_32bit	success	Errors and warnings before: 0 this patch: 0
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/verify_fixes	success	Link
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 16 lines checked
netdev/build_allmodconfig_warn	success	Errors and warnings before: 0 this patch: 0
netdev/header_inline	success	Link

Dan Carpenter June 19, 2021, 1:52 p.m. UTC

We recently changed these two pointers from void pointers to struct
pointers and it breaks the pointer math so now the "txphdr" points
beyond the end of the buffer.

Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded casts")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Subash Abhinov Kasiviswanathan June 19, 2021, 7:12 p.m. UTC | #1

On 2021-06-19 07:52, Dan Carpenter wrote:
> We recently changed these two pointers from void pointers to struct
> pointers and it breaks the pointer math so now the "txphdr" points
> beyond the end of the buffer.
> 
> Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded 
> casts")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
>  drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> index 3ee5c1a8b46e..3676976c875b 100644
> --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_map_data.c
> @@ -168,7 +168,7 @@ static void
> rmnet_map_complement_ipv4_txporthdr_csum_field(struct iphdr *ip4h)
>  	void *txphdr;
>  	u16 *csum;
> 
> -	txphdr = ip4h + ip4h->ihl * 4;
> +	txphdr = (void *)ip4h + ip4h->ihl * 4;
> 
>  	if (ip4h->protocol == IPPROTO_TCP || ip4h->protocol == IPPROTO_UDP) {
>  		csum = (u16 *)rmnet_map_get_csum_field(ip4h->protocol, txphdr);
> @@ -203,7 +203,7 @@
> rmnet_map_complement_ipv6_txporthdr_csum_field(struct ipv6hdr *ip6h)
>  	void *txphdr;
>  	u16 *csum;
> 
> -	txphdr = ip6h + sizeof(struct ipv6hdr);
> +	txphdr = ip6h + 1;
> 
>  	if (ip6h->nexthdr == IPPROTO_TCP || ip6h->nexthdr == IPPROTO_UDP) {
>  		csum = (u16 *)rmnet_map_get_csum_field(ip6h->nexthdr, txphdr);

Hi Dan

Thanks for fixing this. Could you cast the ip4h to char* instead of 
void*.
Looks like gcc might raise issues if -Wpointer-arith is used.

https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith

Dan Carpenter June 21, 2021, 7:11 a.m. UTC | #2

On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org wrote:
> On 2021-06-19 07:52, Dan Carpenter wrote:
> 
> Hi Dan
> 
> Thanks for fixing this. Could you cast the ip4h to char* instead of void*.
> Looks like gcc might raise issues if -Wpointer-arith is used.
> 
> https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith

The fix for that is to not enable -Wpointer-arith.  The warning is dumb.

regards,
dan carpenter

Dan Carpenter June 21, 2021, 7:18 a.m. UTC | #3

On Mon, Jun 21, 2021 at 10:11:58AM +0300, Dan Carpenter wrote:
> On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org wrote:
> > On 2021-06-19 07:52, Dan Carpenter wrote:
> > 
> > Hi Dan
> > 
> > Thanks for fixing this. Could you cast the ip4h to char* instead of void*.
> > Looks like gcc might raise issues if -Wpointer-arith is used.
> > 
> > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith
> 
> The fix for that is to not enable -Wpointer-arith.  The warning is dumb.

Sorry, that was uncalled for and not correct.  The GCC warning would be
useful if we were trying to write portable userspace code.  But in the
kernel the kernel uses GCC extensions a lot.

The Clang compiler can also compile the kernel these days.  But it had
to add support for a bunch of GCC extensions to make that work.  Really
most of linux userspace is written with GCC in mind so Clang had to do
this anyway.

So we will never enable -Wpointer-arith in the kernel because there is
no need.

regards,
dan carpenter

Subash Abhinov Kasiviswanathan June 21, 2021, 4:44 p.m. UTC | #4

On 2021-06-21 01:18, Dan Carpenter wrote:
> On Mon, Jun 21, 2021 at 10:11:58AM +0300, Dan Carpenter wrote:
>> On Sat, Jun 19, 2021 at 01:12:09PM -0600, subashab@codeaurora.org 
>> wrote:
>> > On 2021-06-19 07:52, Dan Carpenter wrote:
>> >
>> > Hi Dan
>> >
>> > Thanks for fixing this. Could you cast the ip4h to char* instead of void*.
>> > Looks like gcc might raise issues if -Wpointer-arith is used.
>> >
>> > https://gcc.gnu.org/onlinedocs/gcc-4.5.0/gcc/Pointer-Arith.html#Pointer-Arith
>> 
>> The fix for that is to not enable -Wpointer-arith.  The warning is 
>> dumb.
> 
> Sorry, that was uncalled for and not correct.  The GCC warning would be
> useful if we were trying to write portable userspace code.  But in the
> kernel the kernel uses GCC extensions a lot.
> 
> The Clang compiler can also compile the kernel these days.  But it had
> to add support for a bunch of GCC extensions to make that work.  Really
> most of linux userspace is written with GCC in mind so Clang had to do
> this anyway.
> 
> So we will never enable -Wpointer-arith in the kernel because there is
> no need.
> 
> regards,
> dan carpenter

Thanks for the clarification.

Reviewed-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>

patchwork-bot+netdevbpf@kernel.org June 21, 2021, 7:30 p.m. UTC | #5

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Sat, 19 Jun 2021 16:52:22 +0300 you wrote:
> We recently changed these two pointers from void pointers to struct
> pointers and it breaks the pointer math so now the "txphdr" points
> beyond the end of the buffer.
> 
> Fixes: 56a967c4f7e5 ("net: qualcomm: rmnet: Remove some unneeded casts")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> [...]

Here is the summary with links:
  - [net-next] net: qualcomm: rmnet: fix two pointer math bugs
    https://git.kernel.org/netdev/net-next/c/753ba09aa3ea

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

[net-next] net: qualcomm: rmnet: fix two pointer math bugs

Checks

Commit Message

Comments

Patch