hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I92HXW CVE: CVE-2023-52435
--------------------------------
When backport bugfix of CVE-2023-52435, get a compile warning in skb_segment() as following:
./include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast 20 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) | ^~ ./include/linux/minmax.h:26:4: note: in expansion of macro ‘__typecheck’ 26 | (__typecheck(x, y) && __no_side_effects(x, y)) | ^~~~~~~~~~~ ./include/linux/minmax.h:36:24: note: in expansion of macro ‘__safe_cmp’ 36 | __builtin_choose_expr(__safe_cmp(x, y), \ | ^~~~~~~~~~ ./include/linux/minmax.h:45:19: note: in expansion of macro ‘__careful_cmp’ 45 | #define min(x, y) __careful_cmp(x, y, <) | ^~~~~~~~~~~~~ net/core/skbuff.c:3987:18: note: in expansion of macro ‘min’ 3987 | partial_segs = min(len, GSO_BY_FRAGS - 1) / mss;
Because the version is without commit 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants"). Cast the second parameter of min() to unsigned to fix the warning.
Fixes: 23d05d563b7e ("net: prevent mss overflow in skb_segment()") Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com --- net/core/skbuff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index c93662512d02..69081cdfab43 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -3627,7 +3627,7 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb, * now. * Cap len to not accidentally hit GSO_BY_FRAGS. */ - partial_segs = min(len, GSO_BY_FRAGS - 1) / mss; + partial_segs = min(len, (unsigned int)(GSO_BY_FRAGS - 1)) / mss; if (partial_segs > 1) mss *= partial_segs; else