fib_trie: Fix shift by 32 in fib_table_lookup
authorAlexander Duyck <aduyck@mirantis.com>
Thu, 28 Jan 2016 21:42:24 +0000 (13:42 -0800)
committerDavid S. Miller <davem@davemloft.net>
Sat, 30 Jan 2016 03:41:00 +0000 (19:41 -0800)
The fib_table_lookup function had a shift by 32 that triggered a UBSAN
warning.  This was due to the fact that I had placed the shift first and
then followed it with the check for the suffix length to ignore the
undefined behavior.  If we reorder this so that we verify the suffix is
less than 32 before shifting the value we can avoid the issue.

Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/fib_trie.c

index 744e5936c10d7ec555d1ca621f5bd4be57f1c72b..22e73171ea63e07709138199e312560c1b68415d 100644 (file)
@@ -1396,9 +1396,10 @@ found:
                struct fib_info *fi = fa->fa_info;
                int nhsel, err;
 
-               if ((index >= (1ul << fa->fa_slen)) &&
-                   ((BITS_PER_LONG > KEYLENGTH) || (fa->fa_slen != KEYLENGTH)))
-                       continue;
+               if ((BITS_PER_LONG > KEYLENGTH) || (fa->fa_slen < KEYLENGTH)) {
+                       if (index >= (1ul << fa->fa_slen))
+                               continue;
+               }
                if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos)
                        continue;
                if (fi->fib_dead)