This is a note to let you know that I've just added the patch titled fib_trie: Correct /proc/net/route off by one error to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fib_trie-correct-proc-net-route-off-by-one-error.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Fri Nov 18 11:09:43 CET 2016 From: Alexander Duyck <alexander.h.duyck@xxxxxxxxx> Date: Fri, 4 Nov 2016 15:11:57 -0400 Subject: fib_trie: Correct /proc/net/route off by one error From: Alexander Duyck <alexander.h.duyck@xxxxxxxxx> [ Upstream commit fd0285a39b1cb496f60210a9a00ad33a815603e7 ] The display of /proc/net/route has had a couple issues due to the fact that when I originally rewrote most of fib_trie I made it so that the iterator was tracking the next value to use instead of the current. In addition it had an off by 1 error where I was tracking the first piece of data as position 0, even though in reality that belonged to the SEQ_START_TOKEN. This patch updates the code so the iterator tracks the last reported position and key instead of the next expected position and key. In addition it shifts things so that all of the leaves start at 1 instead of trying to report leaves starting with offset 0 as being valid. With these two issues addressed this should resolve any off by one errors that were present in the display of /proc/net/route. Fixes: 25b97c016b26 ("ipv4: off-by-one in continuation handling in /proc/net/route") Cc: Andy Whitcroft <apw@xxxxxxxxxxxxx> Reported-by: Jason Baron <jbaron@xxxxxxxxxx> Tested-by: Jason Baron <jbaron@xxxxxxxxxx> Signed-off-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/ipv4/fib_trie.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -2456,22 +2456,19 @@ static struct key_vector *fib_route_get_ struct key_vector *l, **tp = &iter->tnode; t_key key; - /* use cache location of next-to-find key */ + /* use cached location of previously found key */ if (iter->pos > 0 && pos >= iter->pos) { - pos -= iter->pos; key = iter->key; } else { - iter->pos = 0; + iter->pos = 1; key = 0; } - while ((l = leaf_walk_rcu(tp, key)) != NULL) { + pos -= iter->pos; + + while ((l = leaf_walk_rcu(tp, key)) && (pos-- > 0)) { key = l->key + 1; iter->pos++; - - if (--pos <= 0) - break; - l = NULL; /* handle unlikely case of a key wrap */ @@ -2480,7 +2477,7 @@ static struct key_vector *fib_route_get_ } if (l) - iter->key = key; /* remember it */ + iter->key = l->key; /* remember it */ else iter->pos = 0; /* forget it */ @@ -2508,7 +2505,7 @@ static void *fib_route_seq_start(struct return fib_route_get_idx(iter, *pos); iter->pos = 0; - iter->key = 0; + iter->key = KEY_MAX; return SEQ_START_TOKEN; } @@ -2517,7 +2514,7 @@ static void *fib_route_seq_next(struct s { struct fib_route_iter *iter = seq->private; struct key_vector *l = NULL; - t_key key = iter->key; + t_key key = iter->key + 1; ++*pos; @@ -2526,7 +2523,7 @@ static void *fib_route_seq_next(struct s l = leaf_walk_rcu(&iter->tnode, key); if (l) { - iter->key = l->key + 1; + iter->key = l->key; iter->pos++; } else { iter->pos = 0; Patches currently in stable-queue which might be from alexander.h.duyck@xxxxxxxxx are queue-4.4/net-__skb_flow_dissect-must-cap-its-return-value.patch queue-4.4/fib_trie-correct-proc-net-route-off-by-one-error.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html