Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 364C1C38142 for ; Sat, 28 Jan 2023 19:29:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234074AbjA1T3f (ORCPT ); Sat, 28 Jan 2023 14:29:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39228 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230150AbjA1T3c (ORCPT ); Sat, 28 Jan 2023 14:29:32 -0500 Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 795717290; Sat, 28 Jan 2023 11:29:31 -0800 (PST) Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-1631b928691so10536399fac.11; Sat, 28 Jan 2023 11:29:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Mnmziyjvyqqt82Bs4pX8LS1YFr0jbsiIDT0Vdx6lh+0=; b=gdgFGZ2KK3KcbxPluC6MKbXNLhEHMRNNu8SJnj6tDVQAHY0VoIvs2qr+1rz+0j753r PeWxhu0WUzEf5URM66MsaT3YizsqYQ2fMtEYyxtDWPBNVRKwKI2UKV4yOmky2P+C+6+i V1P/LTJcNhgS6X6lzBcg0bHog7OLt/PCVRMSHGZcVUN1T2YVsbu72tpv2za1Nmpf83BS pmj844dvVxljULeEOJxllnZ+PelXbpw6wwhDUOHDMHesye9LUbWbiZ91AMublhN23wcZ 5GAAOx2lHUj0h8AlhY6i7zwotKpFmzjsDsroXoRqfujhjoK6eMjTOq8VbZYrSRE04PgE bz5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Mnmziyjvyqqt82Bs4pX8LS1YFr0jbsiIDT0Vdx6lh+0=; b=vFMan7l4fHwHDSNE4YKWn1indK8OsA1CBvaFrteBNbUpFuQYmIqCF+Q5BvfnA2BEK6 i9BdSxhyDwR8QcMOkto+zSld33+eTSjzeyK6t4KwNQN9xNT/NcNhqPmSZUJjakcOyKy8 n/b0r3chtdnqjwuaFqttxDCOeEhZ+MCxv2xglq6PslZG/zs//oIYPlqSKQsUVaJrMO0o bZ1nIZt8xKKkm3uFAeS9IM3+qnrKJeb4j2S4oypyS+pbbI8thdaKPMxDZn6yIGUy2JGq DDQBBkxDdPDq+6F2WuRrUjf7UhkAdaEBn9o8Yxp8lmU8kaBSr58FjxSPGoE96aOvi9QU MPGg== X-Gm-Message-State: AFqh2kqQ6KLwp513AP0Bap010AURlqomj8316C056am9fZzwviAeXgOj 4VQYE1kiiR/3aQilI3AmLbM= X-Google-Smtp-Source: AMrXdXtzHXQMh7yurMrTPNz61Fztvgj7t7rIyQ1L+DW4J2sKXPSWRd3af/w2nBR2H5SZBMZrS7JmTg== X-Received: by 2002:a05:6870:17a8:b0:15f:dbf0:20e8 with SMTP id r40-20020a05687017a800b0015fdbf020e8mr16521636oae.43.1674934169961; Sat, 28 Jan 2023 11:29:29 -0800 (PST) Received: from localhost ([2600:1700:65a0:ab60:645d:3006:6c9:4ca1]) by smtp.gmail.com with ESMTPSA id x206-20020a4a41d7000000b005175b972e52sm499359ooa.31.2023.01.28.11.29.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Jan 2023 11:29:29 -0800 (PST) Date: Sat, 28 Jan 2023 11:29:28 -0800 From: Cong Wang To: Kees Cook Cc: Jamal Hadi Salim , Jiri Pirko , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] net: sched: sch: Bounds check priority Message-ID: References: <20230127224036.never.561-kees@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230127224036.never.561-kees@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 27, 2023 at 02:40:37PM -0800, Kees Cook wrote: > Nothing was explicitly bounds checking the priority index used to access > clpriop[]. WARN and bail out early if it's pathological. Seen with GCC 13: > > ../net/sched/sch_htb.c: In function 'htb_activate_prios': > ../net/sched/sch_htb.c:437:44: warning: array subscript [0, 31] is outside array bounds of 'struct htb_prio[8]' [-Warray-bounds=] > 437 | if (p->inner.clprio[prio].feed.rb_node) > | ~~~~~~~~~~~~~~~^~~~~~ > ../net/sched/sch_htb.c:131:41: note: while referencing 'clprio' > 131 | struct htb_prio clprio[TC_HTB_NUMPRIO]; > | ^~~~~~ Reviewed-by: Cong Wang We already have a check in htb_change_class(): 2056 if ((cl->prio = hopt->prio) >= TC_HTB_NUMPRIO) 2057 cl->prio = TC_HTB_NUMPRIO - 1; so this patch is just to make GCC 13 happy. Thanks.