Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp7002972pxu; Thu, 24 Dec 2020 21:47:24 -0800 (PST) X-Google-Smtp-Source: ABdhPJx940sP9EVm52gtb7M8fq9l6QRjiU4X/9WdzaqKlbDwy4WSD4JHa5bZcBsbOHk1mfsyA6DK X-Received: by 2002:a17:906:34ca:: with SMTP id h10mr31019905ejb.417.1608875244325; Thu, 24 Dec 2020 21:47:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608875244; cv=none; d=google.com; s=arc-20160816; b=CyZ9R270InZQyTv+rprkIgNXBQ3qPmEbkfWDo6vQxjacTiKl2VwE1VZ/llLKWsIaAu h82hqsH94hOVcrpIpMFb9WUyo7rS+AVlYRq8B/J+rcMjp1zIuxb2jdTLNVVyxViT0IEm e+aHr60PH/9ZjdTX30KVhUtT/Cckv4gXPDTgHSyaQbo7kRDNw1Ut0oJRqyDW55YKjCsF 4liO3/n1mmI6K2ztJuAfQMz05iR6Oo/wjLyAYYaG7cAF5EJZCFN2PkdDuF7/4HPEB2gG sOGB5qYlVlWU61DxFAHSm1TsnQuI+i+meI4zPzly3ftakj/GiewSu25JY005Bnr2Ebi+ GaHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=Q+LdML/XkLj3O2jo0JJ+VUFgLbsBqPiQgWesGLNIC2M=; b=FtdyiaEz+8ttgrbLJJ8II1cTj+LoJJl5RHp14QjXKIO/5FZNOmZaAKbtczXM3uRqok javek0BmU0M/6QKFBaCx7mtFjwn5R3Vh8NILeqC9MNqrpcmj8icxJvhNpJ2wie6LG08Q CersRXwWmIMPtQ+LiTtryswAtjIppbn3aWh4N6izUCIbhvtydEgINtrCCtA7uENjrxnn YsrBWv3ZO4OgcIOInsdSvX+C3++89uVDP//hM37vxMd7qC62QtuOMHpvBOyB6LnbFbvc nObBapOsSgxRzgvpu2nFTmrH19UGO0oeA2jTllhYSXazKcEAsjpMHUQ861ZE/v8qKcqs Ho0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v1si13249156ejf.162.2020.12.24.21.47.01; Thu, 24 Dec 2020 21:47:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727213AbgLYFpv (ORCPT + 99 others); Fri, 25 Dec 2020 00:45:51 -0500 Received: from out30-44.freemail.mail.aliyun.com ([115.124.30.44]:53766 "EHLO out30-44.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725681AbgLYFpv (ORCPT ); Fri, 25 Dec 2020 00:45:51 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R451e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e01424;MF=weichen.chen@linux.alibaba.com;NM=1;PH=DS;RN=15;SR=0;TI=SMTPD_---0UJi-oZZ_1608875106; Received: from localhost(mailfrom:weichen.chen@linux.alibaba.com fp:SMTPD_---0UJi-oZZ_1608875106) by smtp.aliyun-inc.com(127.0.0.1); Fri, 25 Dec 2020 13:45:06 +0800 From: weichenchen To: eric.dumazet@gmail.com, kuba@kernel.org, davem@davemloft.net Cc: splendidsky.cwc@alibaba-inc.com, yanxu.zw@alibaba-inc.com, weichenchen , David Ahern , Hangbin Liu , Roopa Prabhu , Jeff Dike , Nikolay Aleksandrov , Li RongQing , Roman Mashak , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4] net: neighbor: fix a crash caused by mod zero Date: Fri, 25 Dec 2020 13:44:45 +0800 Message-Id: <20201225054448.73256-1-weichen.chen@linux.alibaba.com> X-Mailer: git-send-email 2.20.1 (Apple Git-117) In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org pneigh_enqueue() tries to obtain a random delay by mod NEIGH_VAR(p, PROXY_DELAY). However, NEIGH_VAR(p, PROXY_DELAY) migth be zero at that point because someone could write zero to /proc/sys/net/ipv4/neigh/[device]/proxy_delay after the callers check it. This patch uses prandom_u32_max() to get a random delay instead which avoids potential division by zero. Signed-off-by: weichenchen --- V4: - Use prandom_u32_max() to get a random delay in pneigh_enqueue(). V3: - Callers need to pass the delay time to pneigh_enqueue() now and they should guarantee it is not zero. - Use READ_ONCE() to read NEIGH_VAR(p, PROXY_DELAY) in both of the existing callers of pneigh_enqueue() and then pass it to pneigh_enqueue(). V2: - Use READ_ONCE() to prevent the complier from re-reading NEIGH_VAR(p, PROXY_DELAY). - Give a hint to the complier that delay <= 0 is unlikely to happen. V4 is quite concise and works well. Thanks for Eric's and Jakub's advice. --- net/core/neighbour.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 9500d28a43b0..277ed854aef1 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -1569,10 +1569,8 @@ static void neigh_proxy_process(struct timer_list *t) void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, struct sk_buff *skb) { - unsigned long now = jiffies; - - unsigned long sched_next = now + (prandom_u32() % - NEIGH_VAR(p, PROXY_DELAY)); + unsigned long sched_next = jiffies + + prandom_u32_max(NEIGH_VAR(p, PROXY_DELAY)); if (tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)) { kfree_skb(skb); -- 2.20.1 (Apple Git-117)