
net sched: text ematch: zero out ts_state before using it

Message ID 1412870721-31061-1-git-send-email-osandov@osandov.com
State Not Applicable, archived
Delegated to: David Miller

Commit Message

Omar Sandoval Oct. 9, 2014, 4:05 p.m. UTC
textsearch_find zeroes out the offset, but the control buffer (which may or may
not matter in this case) needs to be zeroed out as well.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
---
 net/sched/em_text.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Omar Sandoval Oct. 9, 2014, 4:28 p.m. UTC | #1
On Thu, Oct 09, 2014 at 09:05:21AM -0700, Omar Sandoval wrote:
> textsearch_find zeroes out the offset, but the control buffer (which may or may
> not matter in this case) needs to be zeroed out as well.
> 
> Signed-off-by: Omar Sandoval <osandov@osandov.com>
> ---
>  net/sched/em_text.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/net/sched/em_text.c b/net/sched/em_text.c
> index 15d353d..2a1b6d9 100644
> --- a/net/sched/em_text.c
> +++ b/net/sched/em_text.c
> @@ -36,6 +36,8 @@ static int em_text_match(struct sk_buff *skb, struct tcf_ematch *m,
>  	int from, to;
>  	struct ts_state state;
>  
> +	memset(&state, 0, sizeof(state));
> +
>  	from = tcf_get_base_ptr(skb, tm->from_layer) - skb->data;
>  	from += tm->from_offset;
>  
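Review bot: The added `memset(&state, 0, sizeof(state));` right after `struct ts_state state;` has no stated reader: the hunk shows no use of `state` between its declaration and the end of the context, and the commit message itself says the control buffer "may or may not matter". Name the function that reads the control buffer before it is initialized, or drop the change if there is none.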
> -- 
> 2.1.2
> 

I forgot to mention: this patch is against 3.17.

Cong Wang Oct. 9, 2014, 9:48 p.m. UTC | #2
On Thu, Oct 9, 2014 at 9:05 AM, Omar Sandoval <osandov@osandov.com> wrote:
> textsearch_find zeroes out the offset, but the control buffer (which may or may
> not matter in this case) needs to be zeroed out as well.

Why? skb_prepare_seq_read() initializes the cb.

Also, the comment says:

 * @state: uninitialized textsearch state variable
Omar Sandoval Oct. 9, 2014, 9:54 p.m. UTC | #3
On Thu, Oct 09, 2014 at 02:48:54PM -0700, Cong Wang wrote:
> On Thu, Oct 9, 2014 at 9:05 AM, Omar Sandoval <osandov@osandov.com> wrote:
> > textsearch_find zeroes out the offset, but the control buffer (which may or may
> > not matter in this case) needs to be zeroed out as well.
> 
> Why? skb_prepare_seq_read() initializes the cb.
> 
> Also, the comment says:
> 
>  * @state: uninitialized textsearch state variable

Mm, thanks, I missed that. It looks like every other caller of skb_find_text is
doing an unnecessary memset in that case. Disregard this, I guess.

Patch

diff --git a/net/sched/em_text.c b/net/sched/em_text.c
index 15d353d..2a1b6d9 100644
--- a/net/sched/em_text.c
+++ b/net/sched/em_text.c
@@ -36,6 +36,8 @@  static int em_text_match(struct sk_buff *skb, struct tcf_ematch *m,
 	int from, to;
 	struct ts_state state;
 
+	memset(&state, 0, sizeof(state));
+
 	from = tcf_get_base_ptr(skb, tm->from_layer) - skb->data;
 	from += tm->from_offset;
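Review bot: Zeroing the whole `struct ts_state` in `em_text_match()` repeats work the commit message already attributes to `textsearch_find` (the offset is zeroed there), so only the control buffer is actually in question. If that buffer does need clearing, clear just that member, and add a comment above the `memset` saying which callee depends on it; as written the two added lines carry no explanation of why the struct must be pre-zeroed.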