[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y9V3mBmLUcrEdrTV@pop-os.localdomain>
Date: Sat, 28 Jan 2023 11:29:28 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, Jiri Pirko <jiri@...nulli.us>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] net: sched: sch: Bounds check priority
On Fri, Jan 27, 2023 at 02:40:37PM -0800, Kees Cook wrote:
> Nothing was explicitly bounds checking the priority index used to access
> clpriop[]. WARN and bail out early if it's pathological. Seen with GCC 13:
>
> ../net/sched/sch_htb.c: In function 'htb_activate_prios':
> ../net/sched/sch_htb.c:437:44: warning: array subscript [0, 31] is outside array bounds of 'struct htb_prio[8]' [-Warray-bounds=]
> 437 | if (p->inner.clprio[prio].feed.rb_node)
> | ~~~~~~~~~~~~~~~^~~~~~
> ../net/sched/sch_htb.c:131:41: note: while referencing 'clprio'
> 131 | struct htb_prio clprio[TC_HTB_NUMPRIO];
> | ^~~~~~
Reviewed-by: Cong Wang <cong.wang@...edance.com>
We already have a check in htb_change_class():
2056 if ((cl->prio = hopt->prio) >= TC_HTB_NUMPRIO)
2057 cl->prio = TC_HTB_NUMPRIO - 1;
so this patch is just to make GCC 13 happy.
Thanks.
Powered by blists - more mailing lists