On Fri, Jun 22, 2018 at 11:46:44PM +0800, air icy wrote: > Hi, > > static inline bool addr4_match(__be32 a1, __be32 a2, u8 prefixlen) > { > /* C99 6.5.7 (3): u32 << 32 is undefined behaviour */ > if (sizeof(long) == 4 && prefixlen == 0) > return true; > return !((a1 ^ a2) & htonl(~0UL << (32 - prefixlen))); > } > > > $ cat report0 > ================================================================================ > UBSAN: Undefined behaviour in ./include/net/xfrm.h:894:23 > shift exponent -128 is negative
Looks like we don't validate the prefixlen of the address family in the xfrm_selector. > This bug can be repro, if you need the repro file, please tell me. Can you send me your reproducer?