Re: [PATCH net-next v2 1/1] taprio: Add boundary check for sched-entry values

From: Gerhard Engleder
Date: Wed Oct 18 2023 - 13:57:19 EST


On 18.10.23 05:28, Lai Peter Jun Ann wrote:
Adds boundary checks for the gatemask provided against the number of
traffic classes defined for each sched-entry.

Without this check, the user would not know that the gatemask provided is
invalid and the driver has already truncated the gatemask provided to
match the number of traffic classes defined.

Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@xxxxxxxxx>
Signed-off-by: Michael Sit Wei Hong <michael.wei.hong.sit@xxxxxxxxx>
Signed-off-by: Lai Peter Jun Ann <jun.ann.lai@xxxxxxxxx>
---
net/sched/sch_taprio.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
index 1cb5e41..44b9e21 100644
--- a/net/sched/sch_taprio.c
+++ b/net/sched/sch_taprio.c
@@ -102,6 +102,7 @@ struct taprio_sched {
u32 max_sdu[TC_MAX_QUEUE]; /* save info from the user */
u32 fp[TC_QOPT_MAX_QUEUE]; /* only for dump and offloading */
u32 txtime_delay;
+ u8 num_tc;
};
struct __tc_taprio_qopt_offload {
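Review bot: the new `u8 num_tc` member of struct taprio_sched has no comment, while the two array fields above it each say what they are for ("save info from the user", "only for dump and offloading"). A short comment saying that it caches mqprio->num_tc for validating sched-entry gate masks, and that it is only written in taprio_change(), would tell readers when the value can be trusted.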
@@ -1063,6 +1064,11 @@ static int fill_sched_entry(struct taprio_sched *q, struct nlattr **tb,
return -EINVAL;
}
+ if (entry->gate_mask >= q->num_tc) {

As far as I know, within gate_mask every bit represents a traffic class.
So for 3 traffic classes a gate_mask of 0x7 is valid, but this check
fails with 0x7 >= 3.

+ NL_SET_ERR_MSG(extack, "Traffic Class defined less than gatemask");
+ return -EINVAL;
+ }
+
entry->interval = interval;
return 0;
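Review bot: the condition `entry->gate_mask >= q->num_tc` in fill_sched_entry() compares a bitmask against a count, so with 3 traffic classes it rejects 0x7 (as pointed out in the reply above) and in fact every mask from 0x3 upward, although those only use bits 0 to 2. Testing for bits at or above num_tc instead, for example `entry->gate_mask & ~GENMASK(q->num_tc - 1, 0)` with num_tc == 0 handled separately, would match what the commit message describes. The extack string "Traffic Class defined less than gatemask" is also hard to parse; something like "Gate mask has bits set beyond the number of traffic classes" tells the user what to fix.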
@@ -1913,6 +1919,8 @@ static int taprio_change(struct Qdisc *sch, struct nlattr *opt,
for (i = 0; i <= TC_BITMASK; i++)
netdev_set_prio_tc_map(dev, i,
mqprio->prio_tc_map[i]);
+
+ q->num_tc = mqprio->num_tc;
}
err = parse_taprio_schedule(q, tb, new_admin, extack);
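Review bot: `q->num_tc = mqprio->num_tc;` sits inside the block that closes on the following line, so whenever that block is skipped q->num_tc keeps whatever value it held before, and parse_taprio_schedule(q, ...) runs right after with that q. If the value is still 0 at that point, the `>=` comparison added in fill_sched_entry() is true for every gate_mask, including 0, so every sched-entry would be rejected. Please either set num_tc on all paths that reach the schedule parsing or skip the gate-mask check when no traffic classes are known, and say in the commit message which behaviour is intended.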