Date:      Thu, 30 Aug 2018 21:15:37 -0400
From:      "Jonathan T. Looney" <jtl@freebsd.org>
To:        kp@freebsd.org
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r337776 - head/sys/netinet6
Message-ID:  <CADrOrmu9WOA4WWkeLZDJtauBdd-qYmEfMddXVrwVpUvHbov7kQ@mail.gmail.com>
In-Reply-To: <7C9F31C2-839C-4537-A43D-F51A54380BDA@FreeBSD.org>
References:  <201808141717.w7EHHcPf010971@repo.freebsd.org> <7C9F31C2-839C-4537-A43D-F51A54380BDA@FreeBSD.org>

On Thu, Aug 30, 2018 at 6:00 PM Kristof Provost <kp@freebsd.org> wrote:

> On 14 Aug 2018, at 19:17, Jonathan T. Looney wrote:
>
> + uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
>
> I’m pretty sure you didn’t mean for the hashkey to be 1028 bytes long.
>
Yikes. Yep, that's a bug.

I originally spelled this as 9; however, decided to rewrite it to avoid
"magic numbers". It made it through all my manual testing; but, that makes
sense since all my positive functional tests were on an unloaded machine,
so the extra stack garbage would be more likely to be consistent.


> I’ve done this, which fixes the problem:
>
> diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c
> index 0f30801540a..e1f2b3f5842 100644
> --- a/sys/netinet6/frag6.c
> +++ b/sys/netinet6/frag6.c
> @@ -218,7 +218,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
>         int offset =3D *offp, nxt, i, next;
>         int first_frag =3D 0;
>         int fragoff, frgpartlen;        /* must be larger than u_int16_t =
*/
> -       uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkey=
p;
> +       uint32_t hashkey[(sizeof(struct in6_addr) * 2 + sizeof(u_int32_t)=
) /
> +           sizeof(uint32_t)];
> +       uint32_t hash, *hashkeyp;
>         struct ifnet *dstifp;
>         u_int8_t ecn, ecn0;
>  #ifdef RSS
>
>
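
Review bot: in the added hashkey declaration the size expression spells the same type two ways, sizeof(u_int32_t) in the numerator and sizeof(uint32_t) in the divisor, and the numerator term does not say which field it stands for. Writing that term as sizeof(ip6f->ip6f_ident), as raised in the follow-up, would tie the array size to the key's third component and leave one spelling of the type. Since the byte total is divided by sizeof(uint32_t) with integer division, a compile-time assertion that the total is a multiple of sizeof(uint32_t) would keep a later field change from silently truncating the element count.
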
That looks fine to me, either with or without the followup suggestion of
using sizeof(ip6f->ip6f_ident). Feel free to commit this change (after
appropriate re@ approval). Or, let me know if you prefer I do it. Either
way, I'll wear the pointy hat (sadly, I suspect it is neither the first nor
last I will earn).

Jonathan
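
The failure mode discussed in this thread, as an added example that is not part of the original messages or of frag6.c: a byte count used as an element count leaves an unused tail in the key array, and if that tail is hashed, stale data in it sends fragments of the same packet to different buckets. The `struct addr6` stand-in, the FNV-1a hash, the single stale word, the sample addresses and the assumption that the whole array is hashed are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for struct in6_addr (16 bytes); all names here are hypothetical. */
struct addr6 { uint8_t b[16]; };

/* Element counts of the uint32_t key array before and after the fix. */
#define BUGGY_WORDS (sizeof(struct addr6) * 2 + 1)                    /* 33 */
#define FIXED_WORDS ((sizeof(struct addr6) * 2 + sizeof(uint32_t)) / \
    sizeof(uint32_t))                                                 /* 9 */

/* FNV-1a over 32-bit words: a stand-in, not the kernel's hash function. */
static uint32_t hash_words(const uint32_t *k, size_t n)
{
	uint32_t h = 2166136261u;
	for (size_t i = 0; i < n; i++)
		h = (h ^ k[i]) * 16777619u;
	return h;
}

/* Key = src | dst | ident in the first 9 words of a `words`-element array.
 * `stale` models one leftover stack word in the last element (assumption). */
static uint32_t frag_hash(size_t words, uint32_t stale, uint32_t ident)
{
	struct addr6 src = {{0x20, 0x01, 0x0d, 0xb8}};	/* constructed address */
	struct addr6 dst = src;
	uint32_t key[BUGGY_WORDS] = {0};
	src.b[15] = 1;			/* 2001:db8::1 */
	dst.b[15] = 2;			/* 2001:db8::2 */
	key[words - 1] = stale;		/* overwritten by ident when words == 9 */
	memcpy(&key[0], &src, sizeof(src));
	memcpy(&key[4], &dst, sizeof(dst));
	key[8] = ident;
	return hash_words(key, words);	/* whole array is hashed */
}

/* 1 if two fragments of one packet hash alike despite different stale data. */
static int fragments_match(size_t words)
{
	return frag_hash(words, 0xdeadbeefu, 0x1234u) ==
	    frag_hash(words, 0x0badc0deu, 0x1234u);
}

int main(void)
{
	printf("buggy match=%d, fixed match=%d\n",
	    fragments_match(BUGGY_WORDS), fragments_match(FIXED_WORDS));
	return 0;
}
```

With an idle machine the stale word tends to repeat between calls, which is consistent with the bug passing manual functional tests.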


