From: Alexander Duyck <aduyck@mirantis.com>
Date: Thu, 28 Jan 2016 21:42:24 +0000 (-0800)
Subject: fib_trie: Fix shift by 32 in fib_table_lookup
X-Git-Tag: v4.9.8~2749^2~9
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a5829f536b3d11a57617e83d4bcb2b7d70671e98;p=platform%2Fkernel%2Flinux-rpi3.git

fib_trie: Fix shift by 32 in fib_table_lookup

The fib_table_lookup function had a shift by 32 that triggered a UBSAN
warning.  This was due to the fact that I had placed the shift first and
then followed it with the check for the suffix length to ignore the
undefined behavior.  If we reorder this so that we verify the suffix is
less than 32 before shifting the value we can avoid the issue.

Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 744e593..22e7317 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1396,9 +1396,10 @@ found:
 		struct fib_info *fi = fa->fa_info;
 		int nhsel, err;
 
-		if ((index >= (1ul << fa->fa_slen)) &&
-		    ((BITS_PER_LONG > KEYLENGTH) || (fa->fa_slen != KEYLENGTH)))
-			continue;
+		if ((BITS_PER_LONG > KEYLENGTH) || (fa->fa_slen < KEYLENGTH)) {
+			if (index >= (1ul << fa->fa_slen))
+				continue;
+		}
 		if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos)
 			continue;
 		if (fi->fib_dead)