sch_sfq: validate silly quantum values (df4953e4) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit df4953e4 authored Apr 26, 2020 by

Eric Dumazet Committed by David S. Miller Apr 27, 2020

sch_sfq: validate silly quantum values

syzbot managed to set up sfq so that q->scaled_quantum was zero,
triggering an infinite loop in sfq_dequeue()

More generally, we must only accept quantum between 1 and 2^18 - 7,
meaning scaled_quantum must be in [1, 0x7FFF] range.

Otherwise, we also could have a loop in sfq_dequeue()
if scaled_quantum happens to be 0x8000, since slot->allot
could indefinitely switch between 0 and 0x8000.

Fixes: eeaeb068

 ("sch_sfq: allow big packets and be fair")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by:  <syzbot+0251e883fe39e7a0cb0a@syzkaller.appspotmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent cf7fc3af

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit cdacfbb6
· May 15, 2020

mentioned in commit cdacfbb6

mentioned in commit cdacfbb66f96d77e9ceb394ce9a12551ae63d67c

Toggle commit list
mirror @mirror
mentioned in commit f2d58195
· May 15, 2020

mentioned in commit f2d58195

mentioned in commit f2d58195177527fb57a66505e30aecee164f33fd

Toggle commit list
mirror @mirror
mentioned in commit 2149c61b
· May 15, 2020

mentioned in commit 2149c61b

mentioned in commit 2149c61b047f66241276f708b061b9cbfb097c4f

Toggle commit list
mirror @mirror
mentioned in commit 116555b3
· May 21, 2020

mentioned in commit 116555b3

mentioned in commit 116555b32d992998e574bebd3792fa67a5bfcff0

Toggle commit list
mirror @mirror
mentioned in commit 019495fa
· May 21, 2020

mentioned in commit 019495fa

mentioned in commit 019495fa4e5bbdeecb087a37417f9bad10da5f41

Toggle commit list

Please register or to comment