Message-ID: <a72ac9ee-941c-4e3c-ad11-8c629ee2f480@redhat.com>
Date: Thu, 15 May 2025 11:07:32 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: chia-yu.chang@...ia-bell-labs.com, horms@...nel.org,
 donald.hunter@...il.com, xandfury@...il.com, netdev@...r.kernel.org,
 dave.taht@...il.com, jhs@...atatu.com, kuba@...nel.org,
 stephen@...workplumber.org, xiyou.wangcong@...il.com, jiri@...nulli.us,
 davem@...emloft.net, edumazet@...gle.com, andrew+netdev@...n.ch,
 ast@...erby.net, liuhangbin@...il.com, shuah@...nel.org,
 linux-kselftest@...r.kernel.org, ij@...nel.org, ncardwell@...gle.com,
 koen.de_schepper@...ia-bell-labs.com, g.white@...lelabs.com,
 ingemar.s.johansson@...csson.com, mirja.kuehlewind@...csson.com,
 cheshire@...le.com, rs.ietf@....at, Jason_Livingood@...cast.com,
 vidhi_goel@...le.com
Subject: Re: [PATCH v15 net-next 1/5] sched: Struct definition and parsing of
 dualpi2 qdisc

On 5/15/25 10:51 AM, Paolo Abeni wrote:
> On 5/9/25 11:47 PM, chia-yu.chang@...ia-bell-labs.com wrote:
>> +struct dualpi2_sched_data {
>> +	struct Qdisc *l_queue;	/* The L4S Low latency queue (L-queue) */
>> +	struct Qdisc *sch;	/* The Classic queue (C-queue) */
>> +
>> +	/* Registered tc filters */
>> +	struct tcf_proto __rcu *tcf_filters;
>> +	struct tcf_block *tcf_block;
>> +
>> +	/* PI2 parameters */
>> +	u64	pi2_target;	/* Target delay in nanoseconds */
>> +	u32	pi2_tupdate;	/* Timer frequency in nanoseconds */
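
Review bot: pi2_tupdate is a u32 counting nanoseconds, so it can hold at most about 4.29 seconds. Whatever parses the user-supplied value into this field should reject or clamp anything that no longer fits after unit conversion, rather than letting it wrap. The comment also calls it a "Timer frequency in nanoseconds", but nanoseconds measure an interval, so "Timer update period in nanoseconds" would describe it more accurately. It would also help to state the accepted range next to the field.
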
> 
> AFAICS this can be written from user-space, without any upper bound,
> causing an integer overflow after converting the frequency from seconds
> to nsec.

Sorry, I misread the time conversion (it is nsec to usec). But with
unbounded TCA_DUALPI2_TUPDATE the overflow can still happen.

/P

