diff mbox series

[net-next] net: sched: sch: Fix off by one in htb_activate_prios()

Message ID Y+D+KN18FQI2DKLq@kili (mailing list archive)
State Accepted
Commit 9cec2aaffe969f2a3e18b5ec105fc20bb908e475
Delegated to: Netdev Maintainers
Headers show
Series [net-next] net: sched: sch: Fix off by one in htb_activate_prios() | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 10 of 10 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Dan Carpenter Feb. 6, 2023, 1:18 p.m. UTC 
The > needs be >= to prevent an out of bounds access.

Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
Signed-off-by: Dan Carpenter <error27@gmail.com>
---
 net/sched/sch_htb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Simon Horman Feb. 6, 2023, 2:15 p.m. UTC | #1 
On Mon, Feb 06, 2023 at 04:18:32PM +0300, Dan Carpenter wrote:
> The > needs be >= to prevent an out of bounds access.
> 
> Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Reviewed-by: Simon Horman <simon.horman@corigine.com>
Kees Cook Feb. 6, 2023, 6:39 p.m. UTC | #2 
On Mon, Feb 06, 2023 at 04:18:32PM +0300, Dan Carpenter wrote:
> The > needs be >= to prevent an out of bounds access.
> 
> Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> ---
>  net/sched/sch_htb.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
> index cc28e41fb745..92f2975b6a82 100644
> --- a/net/sched/sch_htb.c
> +++ b/net/sched/sch_htb.c
> @@ -433,7 +433,7 @@ static void htb_activate_prios(struct htb_sched *q, struct htb_class *cl)
>  		while (m) {
>  			unsigned int prio = ffz(~m);
>  
> -			if (WARN_ON_ONCE(prio > ARRAY_SIZE(p->inner.clprio)))
> +			if (WARN_ON_ONCE(prio >= ARRAY_SIZE(p->inner.clprio)))

Argh, whoops. Thanks Dan!

Reviewed-by: Kees Cook <keescook@chromium.org>
Jakub Kicinski Feb. 8, 2023, 4:16 a.m. UTC | #3 
On Mon, 6 Feb 2023 16:18:32 +0300 Dan Carpenter wrote:
> Subject: [PATCH net-next] net: sched: sch: Fix off by one in  htb_activate_prios()

Thanks for tagging but just to be sure - this is for net, right?
(no need to repost)

> The > needs be >= to prevent an out of bounds access.
> 
> Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
Dan Carpenter Feb. 8, 2023, 6:18 a.m. UTC | #4 
On Tue, Feb 07, 2023 at 08:16:03PM -0800, Jakub Kicinski wrote:
> On Mon, 6 Feb 2023 16:18:32 +0300 Dan Carpenter wrote:
> > Subject: [PATCH net-next] net: sched: sch: Fix off by one in  htb_activate_prios()
> 
> Thanks for tagging but just to be sure - this is for net, right?
> (no need to repost)
> 

Yes.  And I did verify before sending that it applied to net, but I
still put net-next in the subject because I'm an idiot.

regards,
dan carpenter
patchwork-bot+netdevbpf@kernel.org Feb. 8, 2023, 7:50 a.m. UTC | #5 
Hello:

This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 6 Feb 2023 16:18:32 +0300 you wrote:
> The > needs be >= to prevent an out of bounds access.
> 
> Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> ---
>  net/sched/sch_htb.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Here is the summary with links:
  - [net-next] net: sched: sch: Fix off by one in htb_activate_prios()
    https://git.kernel.org/netdev/net/c/9cec2aaffe96

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index cc28e41fb745..92f2975b6a82 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -433,7 +433,7 @@  static void htb_activate_prios(struct htb_sched *q, struct htb_class *cl)
 		while (m) {
 			unsigned int prio = ffz(~m);
 
-			if (WARN_ON_ONCE(prio > ARRAY_SIZE(p->inner.clprio)))
+			if (WARN_ON_ONCE(prio >= ARRAY_SIZE(p->inner.clprio)))
 				break;
 			m &= ~(1 << prio);