Skip to content

Commit b6f15f8

Browse files
Alexander Duyckdavem330
Alexander Duyck
authored and
davem330
committed
fib_trie: Fix regression in handling of inflate/halve failure
When I updated the code to address a possible null pointer dereference in resize I ended up reverting an exception handling fix for the suffix length in the event that inflate or halve failed. This change is meant to correct that by reverting the earlier fix and instead simply getting the parent again after inflate has been completed to avoid the possible null pointer issue. Fixes: ddb4b9a ("fib_trie: Address possible NULL pointer dereference in resize") Signed-off-by: Alexander Duyck <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 9cde945 commit b6f15f8

File tree

1 file changed

+9
-4
lines changed

1 file changed

+9
-4
lines changed

net/ipv4/fib_trie.c

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -830,7 +830,7 @@ static struct key_vector *resize(struct trie *t, struct key_vector *tn)
830830
/* Double as long as the resulting node has a number of
831831
* nonempty nodes that are above the threshold.
832832
*/
833-
while (should_inflate(tp, tn) && max_work--) {
833+
while (should_inflate(tp, tn) && max_work) {
834834
tp = inflate(t, tn);
835835
if (!tp) {
836836
#ifdef CONFIG_IP_FIB_TRIE_STATS
@@ -839,17 +839,21 @@ static struct key_vector *resize(struct trie *t, struct key_vector *tn)
839839
break;
840840
}
841841

842+
max_work--;
842843
tn = get_child(tp, cindex);
843844
}
844845

846+
/* update parent in case inflate failed */
847+
tp = node_parent(tn);
848+
845849
/* Return if at least one inflate is run */
846850
if (max_work != MAX_WORK)
847-
return node_parent(tn);
851+
return tp;
848852

849853
/* Halve as long as the number of empty children in this
850854
* node is above threshold.
851855
*/
852-
while (should_halve(tp, tn) && max_work--) {
856+
while (should_halve(tp, tn) && max_work) {
853857
tp = halve(t, tn);
854858
if (!tp) {
855859
#ifdef CONFIG_IP_FIB_TRIE_STATS
@@ -858,14 +862,15 @@ static struct key_vector *resize(struct trie *t, struct key_vector *tn)
858862
break;
859863
}
860864

865+
max_work--;
861866
tn = get_child(tp, cindex);
862867
}
863868

864869
/* Only one child remains */
865870
if (should_collapse(tn))
866871
return collapse(t, tn);
867872

868-
/* update parent in case inflate or halve failed */
873+
/* update parent in case halve failed */
869874
tp = node_parent(tn);
870875

871876
/* Return if at least one deflate was run */

0 commit comments

Comments
 (0)