| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200108.124137.101510987796630147.davem@davemloft.net>
Date: Wed, 08 Jan 2020 12:41:37 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: edumazet@...gle.com
Cc: netdev@...r.kernel.org, eric.dumazet@...il.com, fw@...len.de,
syzbot+dc9071cc5a85950bdfce@...kaller.appspotmail.com
Subject: Re: [PATCH net] pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
From: Eric Dumazet <edumazet@...gle.com>
Date: Mon, 6 Jan 2020 06:10:39 -0800
> As diagnosed by Florian :
>
> If TCA_FQ_QUANTUM is set to 0x80000000, fq_deueue()
> can loop forever in :
>
> if (f->credit <= 0) {
> f->credit += q->quantum;
> goto begin;
> }
>
> ... because f->credit is either 0 or -2147483648.
>
> Let's limit TCA_FQ_QUANTUM to no more than 1 << 20 :
> This max value should limit risks of breaking user setups
> while fixing this bug.
>
> Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Diagnosed-by: Florian Westphal <fw@...len.de>
> Reported-by: syzbot+dc9071cc5a85950bdfce@...kaller.appspotmail.com
Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists