Skip to content

Commit

Permalink
selftests/net: psock_fanout seg faults in sock_fanout_read_ring()
Browse files Browse the repository at this point in the history 
The while loop in sock_fanout_read_ring() checks mmap region
bounds after access, causing it to segfault. Fix it to check
count before accessing header->tp_status. This problem can be
reproduced consistently when the test in run as follows:

    make -C tools/testing/selftests TARGETS=net run_tests
    or
    make run_tests from tools/testing/selftests
    or
    make run_test from tools/testing/selftests/net

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Shuah Khan authored and David S. Miller committed Nov 12, 2014
1 parent caa13a9 commit fbf8e72
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tools/testing/selftests/net/psock_fanout.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ static int sock_fanout_read_ring(int fd, void *ring)
struct tpacket2_hdr *header = ring;
int count = 0;

while (header->tp_status & TP_STATUS_USER && count < RING_NUM_FRAMES) {
while (count < RING_NUM_FRAMES && header->tp_status & TP_STATUS_USER) {
count++;
header = ring + (count * getpagesize());
}
Expand Down

0 comments on commit fbf8e72

Please sign in to comment.