Re: [RFC PATCH 07/13] udp_tunnel: remove the usage of the list iterator after the loop

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le 17/02/2022 à 19:48, Jakob Koschel a écrit :
The usage of node->dev after the loop body is a legitimate type
confusion if the break was not hit. It will compare an undefined
memory location with dev that could potentially be equal. The value
of node->dev in this case could either be a random struct member of the
head element or an out-of-bounds value.

Therefore it is more safe to use the found variable. With the
introduction of speculative safe list iterator this check could be
replaced with if (!node).

Signed-off-by: Jakob Koschel <jakobkoschel@xxxxxxxxx>
---
  net/ipv4/udp_tunnel_nic.c | 7 +++++--
  1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/udp_tunnel_nic.c b/net/ipv4/udp_tunnel_nic.c
index b91003538d87..c47f9fb36d29 100644
--- a/net/ipv4/udp_tunnel_nic.c
+++ b/net/ipv4/udp_tunnel_nic.c
@@ -842,11 +842,14 @@ udp_tunnel_nic_unregister(struct net_device *dev, struct udp_tunnel_nic *utn)
  	 */
  	if (info->shared) {
  		struct udp_tunnel_nic_shared_node *node, *first;
+		bool found = false;
list_for_each_entry(node, &info->shared->devices, list)
-			if (node->dev == dev)
+			if (node->dev == dev) {
+				found = true;
  				break;
-		if (node->dev != dev)
+			}
+		if (!found)
  			return;
list_del(&node->list);

Hi,

just in case, see Dan Carpeter's patch for the same issue with another fix at:
https://lore.kernel.org/kernel-janitors/20220222134251.GA2271@kili/

CJ



[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux