| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iJ0zy6rr4=O3328heYgiBHNcc9hmAHweTFvAW7iZi8QFw@mail.gmail.com>
Date: Tue, 18 Apr 2023 12:26:13 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Davide Caratti <dcaratti@...hat.com>,
Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...nulli.us>,
Christoph Paasch <cpaasch@...le.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net] net/sched: sch_fq: fix integer overflow of "credit"
On Tue, Apr 18, 2023 at 4:30 AM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Mon, 17 Apr 2023 13:02:40 +0200 Davide Caratti wrote:
> > + u32 initial_quantum = nla_get_u32(tb[TCA_FQ_INITIAL_QUANTUM]);
> > +
> > + if (initial_quantum <= INT_MAX) {
> > + q->initial_quantum = initial_quantum;
> > + } else {
> > + NL_SET_ERR_MSG_MOD(extack, "invalid initial quantum");
> > + err = -EINVAL;
> > + }
>
> Please set the right policy in fq_policy[] instead.
Not sure these policies are available for old kernels (sch_fq was
added in linux-3.12) ?
Or have we backported all this infra already on stable kernels ?
commit d06a09b94c618c96ced584dd4611a888c8856b8d
Author: Johannes Berg <johannes.berg@...el.com>
Date: Thu Apr 30 22:13:08 2020 +0200
netlink: extend policy range validation
Powered by blists - more mailing lists