Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp680839pxx; Thu, 29 Oct 2020 11:48:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwQPaI7DAlojyQwicFUtRlEURZO15dECPc6sfG5DfIqO6/hP65ILrkXcBgZq3QSwI4QvknR X-Received: by 2002:a17:906:d8ce:: with SMTP id re14mr5319812ejb.275.1603997329362; Thu, 29 Oct 2020 11:48:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603997329; cv=none; d=google.com; s=arc-20160816; b=AwB9b33R950dFPTvZER7gtaJI3p6IDkRIv31Xh/MvGKOzqwtMa8buwOdAMVIBX86cm RNo2fem1J4oIiEFw9Koc4NiIUx2WFWdfz1JW+8qLNpDSI4AA3nwMYPCcZQiA2zEy/MFE JptEaOD8kkpJJQz4CgBQilHDl09qSTZpZIa7mpusIA3dmh81oWyDilFLyDIASC//eCDf PeJ88+uGB4g5fvspnXVQpYYcavq5ZwtA4AnWHr7GeXz2AW/ZC+mtJTFLcYyJNI2z+suz 59tH6qe+DCkPNYzPe9wBkMPZ2ENgCY4W0vf48ttBjShtyaa0R4dJm03CnzehtqCFrfVb TZJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=g2HELm8aIaxiwnLp5QlNzwpbPpj3DCWb1HiqfUrt1cU=; b=RvqZYhmu08aCSUV3VXaQ3QsQ51Xb6OlH3ufqx+9t8lEWlPagmzo0rMEd/Ckt3Sa3UN jc/8rPJnrrRdMIiQWzjshLXaqP4I7c0GaWCqGX8gBygWg5XPHMHdTC16Dksv4u3hspm6 7+5vbDZbmJQA8qW6G/U6SnDx6n88xpyojqACn5kpeUiy2OSpEkUqT28wOf4XjQvGdEc1 LM8xKVRZG1xhl7sP5WKhkTsvEi77KSt0bHbnHpQEO3NGrWt/qp8lAsoAbbAq7sEk1Nhg gyXoBA6DXDK+oYs8ePuag3J6GaxyQD4NYgtmsAY7Npl2dfMNY45cIPsYF5pTDfw75H2i rxrg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NjVz5QtE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t2si2880863edj.427.2020.10.29.11.48.25; Thu, 29 Oct 2020 11:48:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NjVz5QtE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725903AbgJ2Sqw (ORCPT + 99 others); Thu, 29 Oct 2020 14:46:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:38050 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725774AbgJ2Sqv (ORCPT ); Thu, 29 Oct 2020 14:46:51 -0400 Received: from kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com (unknown [163.114.132.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E8880206B6; Thu, 29 Oct 2020 18:46:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1603997210; bh=/yM64ReMgF87Hwyv/ZYL+osCJxbb1ouFPVdxOacUs5A=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=NjVz5QtEvoYzNe3DiTqkGO8NAvrd5AGW1Bl+IXfrfDmnBPDOdiESCssj6Opt3GFeu yWV0Ps/MLE4h+uk14TF5Qjd3QpqotRQ3PInjI+7imCVpg5Yo174nAwW6ihgo4RjzRo mLVfkfFx35j41UMu3yPKTrxE7S47xBxwnTQc+lTo= Date: Thu, 29 Oct 2020 11:46:48 -0700 From: Jakub Kicinski To: Stephen Hemminger Cc: Aleksandr Nogikh , jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us, davem@davemloft.net, andreyknvl@google.com, dvyukov@google.com, elver@google.com, rdunlap@infradead.org, dave.taht@gmail.com, edumazet@google.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Aleksandr Nogikh , syzbot+ec762a6342ad0d3c0d8f@syzkaller.appspotmail.com Subject: Re: [PATCH v2] netem: fix zero division in tabledist Message-ID: <20201029114648.64e00e22@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> In-Reply-To: <20201028111959.6ed6d2c2@hermes.local> References: <20201028170731.1383332-1-aleksandrnogikh@gmail.com> <20201028111959.6ed6d2c2@hermes.local> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 28 Oct 2020 11:19:59 -0700 Stephen Hemminger wrote: > On Wed, 28 Oct 2020 17:07:31 +0000 > Aleksandr Nogikh wrote: > > > From: Aleksandr Nogikh > > > > Currently it is possible to craft a special netlink RTM_NEWQDISC > > command that can result in jitter being equal to 0x80000000. It is > > enough to set the 32 bit jitter to 0x02000000 (it will later be > > multiplied by 2^6) or just set the 64 bit jitter via > > TCA_NETEM_JITTER64. This causes an overflow during the generation of > > uniformly distributed numbers in tabledist(), which in turn leads to > > division by zero (sigma != 0, but sigma * 2 is 0). > > > > The related fragment of code needs 32-bit division - see commit > > 9b0ed89 ("netem: remove unnecessary 64 bit modulus"), so switching to > > 64 bit is not an option. > > > > Fix the issue by keeping the value of jitter within the range that can > > be adequately handled by tabledist() - [0;INT_MAX]. As negative std > > deviation makes no sense, take the absolute value of the passed value > > and cap it at INT_MAX. Inside tabledist(), switch to unsigned 32 bit > > arithmetic in order to prevent overflows. > > > > Signed-off-by: Aleksandr Nogikh > > Reported-by: syzbot+ec762a6342ad0d3c0d8f@syzkaller.appspotmail.com > > Acked-by: Stephen Hemminger Applied, thanks!