[net PATCH] fib_trie: Fix shift by 32 in fib_table_lookup

[net PATCH] fib_trie: Fix shift by 32 in fib_table_lookup

[Alexander Duyck]

The fib_table_lookup function had a shift by 32 that triggered a UBSAN
warning.  This was due to the fact that I had placed the shift first and
then followed it with the check for the suffix length to ignore the
undefined behavior.  If we reorder this so that we verify the suffix is
less than 32 before shifting the value we can avoid the issue.

Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
---
 net/ipv4/fib_trie.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 744e5936c10d..22e73171ea63 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1396,9 +1396,10 @@ found:
 		struct fib_info *fi = fa->fa_info;
 		int nhsel, err;
 
-		if ((index >= (1ul << fa->fa_slen)) &&
-		    ((BITS_PER_LONG > KEYLENGTH) || (fa->fa_slen != KEYLENGTH)))
-			continue;
+		if ((BITS_PER_LONG > KEYLENGTH) || (fa->fa_slen < KEYLENGTH)) {
+			if (index >= (1ul << fa->fa_slen))
+				continue;
+		}
 		if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos)
 			continue;
 		if (fi->fib_dead)

Re: [net PATCH] fib_trie: Fix shift by 32 in fib_table_lookup

[David Miller]

From: Alexander Duyck <aduyck@mirantis.com>
Date: Thu, 28 Jan 2016 13:42:24 -0800

> The fib_table_lookup function had a shift by 32 that triggered a UBSAN
> warning.  This was due to the fact that I had placed the shift first and
> then followed it with the check for the suffix length to ignore the
> undefined behavior.  If we reorder this so that we verify the suffix is
> less than 32 before shifting the value we can avoid the issue.
> 
> Reported-by: Toralf Förster <toralf.foerster@gmx.de>
> Signed-off-by: Alexander Duyck <aduyck@mirantis.com>

Applied.