| Message ID | 20120712001804.26542.2889.stgit@gitlad.jf.intel.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Alexander Duyck <alexander.h.duyck@intel.com> Date: Wed, 11 Jul 2012 17:18:04 -0700 > The recent patch "tcp: Maintain dynamic metrics in local cache." introduced > an out of bounds access due to what appears to be a typo. I believe this > change should resolve the issue by replacing the access to RTAX_CWND with > TCP_METRIC_CWND. > > Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Applied, thanks a lot. How did you spot this, did you get a compiler warning? I ask because while working on this, I at one point put the tcp timestamp members after the metrics array in the tcp_metrics_bucket struct. And I got a warning from gcc about an array bounds violation that I could not figure out. I am pretty certain this bug here is what it was warning about. And the problem is that if you put the array at the end gcc doesn't warn in order to handle things similar to what people use zero length arrays for. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 7/11/2012 5:32 PM, David Miller wrote: > From: Alexander Duyck<alexander.h.duyck@intel.com> > Date: Wed, 11 Jul 2012 17:18:04 -0700 > >> The recent patch "tcp: Maintain dynamic metrics in local cache." introduced >> an out of bounds access due to what appears to be a typo. I believe this >> change should resolve the issue by replacing the access to RTAX_CWND with >> TCP_METRIC_CWND. >> >> Signed-off-by: Alexander Duyck<alexander.h.duyck@intel.com> > Applied, thanks a lot. > > How did you spot this, did you get a compiler warning? > > I ask because while working on this, I at one point put the > tcp timestamp members after the metrics array in the > tcp_metrics_bucket struct. And I got a warning from gcc about > an array bounds violation that I could not figure out. > > I am pretty certain this bug here is what it was warning about. And > the problem is that if you put the array at the end gcc doesn't warn > in order to handle things similar to what people use zero length > arrays for. It came up as a compiler warning. I suspect it may have something to do with the optimizations I had turned on since it complained that the issue was in tcp_update_metrics but then reported it on the one line in tcp_metric_set. Thanks, Alex -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c index 1fd83d3..5a38a2d 100644 --- a/net/ipv4/tcp_metrics.c +++ b/net/ipv4/tcp_metrics.c @@ -412,7 +412,7 @@ void tcp_update_metrics(struct sock *sk) max(tp->snd_cwnd >> 1, tp->snd_ssthresh)); if (!tcp_metric_locked(tm, TCP_METRIC_CWND)) { val = tcp_metric_get(tm, TCP_METRIC_CWND); - tcp_metric_set(tm, RTAX_CWND, (val + tp->snd_cwnd) >> 1); + tcp_metric_set(tm, TCP_METRIC_CWND, (val + tp->snd_cwnd) >> 1); } } else { /* Else slow start did not finish, cwnd is non-sense,
The recent patch "tcp: Maintain dynamic metrics in local cache." introduced an out of bounds access due to what appears to be a typo. I believe this change should resolve the issue by replacing the access to RTAX_CWND with TCP_METRIC_CWND. Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> --- net/ipv4/tcp_metrics.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html