From: Shuah Khan Date: Tue, 11 Nov 2014 17:04:13 +0000 (-0700) Subject: selftests/net: psock_fanout seg faults in sock_fanout_read_ring() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fbf8e7211ac7858d3df4a4203c18da7a58560784;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git selftests/net: psock_fanout seg faults in sock_fanout_read_ring() The while loop in sock_fanout_read_ring() checks mmap region bounds after access, causing it to segfault. Fix it to check count before accessing header->tp_status. This problem can be reproduced consistently when the test in run as follows: make -C tools/testing/selftests TARGETS=net run_tests or make run_tests from tools/testing/selftests or make run_test from tools/testing/selftests/net Signed-off-by: Shuah Khan Signed-off-by: David S. Miller --- diff --git a/tools/testing/selftests/net/psock_fanout.c b/tools/testing/selftests/net/psock_fanout.c index 57b9c2b7c4ff..6f6733331d95 100644 --- a/tools/testing/selftests/net/psock_fanout.c +++ b/tools/testing/selftests/net/psock_fanout.c @@ -128,7 +128,7 @@ static int sock_fanout_read_ring(int fd, void *ring) struct tpacket2_hdr *header = ring; int count = 0; - while (header->tp_status & TP_STATUS_USER && count < RING_NUM_FRAMES) { + while (count < RING_NUM_FRAMES && header->tp_status & TP_STATUS_USER) { count++; header = ring + (count * getpagesize()); }