From fbf8e7211ac7858d3df4a4203c18da7a58560784 Mon Sep 17 00:00:00 2001
From: Shuah Khan <shuahkh@osg.samsung.com>
Date: Tue, 11 Nov 2014 10:04:13 -0700
Subject: selftests/net: psock_fanout seg faults in sock_fanout_read_ring()

The while loop in sock_fanout_read_ring() checks mmap region
bounds after access, causing it to segfault. Fix it to check
count before accessing header->tp_status. This problem can be
reproduced consistently when the test in run as follows:

    make -C tools/testing/selftests TARGETS=net run_tests
    or
    make run_tests from tools/testing/selftests
    or
    make run_test from tools/testing/selftests/net

Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 tools/testing/selftests/net/psock_fanout.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tools/testing/selftests')

diff --git a/tools/testing/selftests/net/psock_fanout.c b/tools/testing/selftests/net/psock_fanout.c
index 57b9c2b7c4ff..6f6733331d95 100644
--- a/tools/testing/selftests/net/psock_fanout.c
+++ b/tools/testing/selftests/net/psock_fanout.c
@@ -128,7 +128,7 @@ static int sock_fanout_read_ring(int fd, void *ring)
 	struct tpacket2_hdr *header = ring;
 	int count = 0;
 
-	while (header->tp_status & TP_STATUS_USER && count < RING_NUM_FRAMES) {
+	while (count < RING_NUM_FRAMES && header->tp_status & TP_STATUS_USER) {
 		count++;
 		header = ring + (count * getpagesize());
 	}
-- 
cgit v1.2.3-59-g8ed1b