Re: [PATCH] net: sched: sch: Bounds check priority

From: Cong Wang <hidden>
Date: 2023-01-28 19:29:44
Also in: linux-hardening, lkml

On Fri, Jan 27, 2023 at 02:40:37PM -0800, Kees Cook wrote:

Nothing was explicitly bounds checking the priority index used to access
clpriop[]. WARN and bail out early if it's pathological. Seen with GCC 13:

../net/sched/sch_htb.c: In function 'htb_activate_prios':
../net/sched/sch_htb.c:437:44: warning: array subscript [0, 31] is outside array bounds of 'struct htb_prio[8]' [-Warray-bounds=]
  437 |                         if (p->inner.clprio[prio].feed.rb_node)
      |                             ~~~~~~~~~~~~~~~^~~~~~
../net/sched/sch_htb.c:131:41: note: while referencing 'clprio'
  131 |                         struct htb_prio clprio[TC_HTB_NUMPRIO];
      |                                         ^~~~~~

Reviewed-by: Cong Wang <redacted>

We already have a check in htb_change_class():

2056                 if ((cl->prio = hopt->prio) >= TC_HTB_NUMPRIO)
2057                         cl->prio = TC_HTB_NUMPRIO - 1;

so this patch is just to make GCC 13 happy.

Thanks.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help