AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
59f0363346
kernel_optimize_test/net/sched
History
Eric Dumazet 2de3d961f8 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 
commit 7d18a07897d07495ee140dd319b0e9265c0f68ba upstream.

tx_queue_len can be set to ~0U, we need to be more
careful about overflows.

__fls(0) is undefined, as this report shows:

UBSAN: shift-out-of-bounds in net/sched/sch_qfq.c:1430:24
shift exponent 51770272 is too large for 32-bit type 'int'
CPU: 0 PID: 25574 Comm: syz-executor.0 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x201/0x2d8 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x494/0x530 lib/ubsan.c:330
 qfq_init_qdisc+0x43f/0x450 net/sched/sch_qfq.c:1430
 qdisc_create+0x895/0x1430 net/sched/sch_api.c:1253
 tc_modify_qdisc+0x9d9/0x1e20 net/sched/sch_api.c:1660
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5571
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2496
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xaea/0xe60 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x280/0x370 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 462dbc9101 ("pkt_sched: QFQ Plus: fair-queueing service at DRR cost")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-01-11 15:25:00 +01:00
..
act_api.c
act_bpf.c
act_connmark.c
act_csum.c
act_ct.c
act_ctinfo.c
act_gact.c
act_gate.c
act_ife.c
act_ipt.c
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c net: sched: act_mirred: drop dst for the direction from egress to ingress 2021-11-26 10:39:16 +01:00
act_mpls.c
act_nat.c
act_pedit.c
act_police.c
act_sample.c
act_simple.c
act_skbedit.c
act_skbmod.c
act_tunnel_key.c
act_vlan.c
cls_api.c flow_offload: return EOPNOTSUPP for the unsupported mpls action type 2021-12-22 09:30:54 +01:00
cls_basic.c
cls_bpf.c
cls_cgroup.c
cls_flow.c
cls_flower.c
cls_fw.c
cls_matchall.c
cls_route.c
cls_rsvp.c
cls_rsvp.h
cls_rsvp6.c
cls_tcindex.c
cls_u32.c
em_canid.c
em_cmp.c
em_ipset.c
em_ipt.c
em_meta.c
em_nbyte.c
em_text.c
em_u32.c
ematch.c
Kconfig
Makefile
sch_api.c net: prevent user from passing illegal stab size 2021-10-17 10:43:33 +02:00
sch_atm.c
sch_blackhole.c
sch_cake.c sch_cake: do not call cake_destroy() from cake_init() 2021-12-22 09:30:53 +01:00
sch_cbq.c
sch_cbs.c
sch_choke.c
sch_codel.c
sch_drr.c
sch_dsmark.c
sch_etf.c
sch_ets.c net/sched: sch_ets: don't remove idle classes from the round-robin list 2021-12-22 09:30:54 +01:00
sch_fifo.c
sch_fq_codel.c
sch_fq_pie.c net/sched: fq_pie: prevent dismantle issue 2021-12-14 11:32:37 +01:00
sch_fq.c
sch_generic.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 14:03:53 +01:00
sch_gred.c
sch_hfsc.c
sch_hhf.c
sch_htb.c
sch_ingress.c
sch_mq.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 14:03:53 +01:00
sch_mqprio.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 14:03:53 +01:00
sch_multiq.c
sch_netem.c
sch_pie.c
sch_plug.c
sch_prio.c
sch_qfq.c sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 2022-01-11 15:25:00 +01:00
sch_red.c
sch_sfb.c
sch_sfq.c
sch_skbprio.c
sch_taprio.c net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any 2021-11-18 14:04:27 +01:00
sch_tbf.c
sch_teql.c