linux-sg2042/net/sched
Eric Dumazet df4953e4e9 sch_sfq: validate silly quantum values
syzbot managed to set up sfq so that q->scaled_quantum was zero,
triggering an infinite loop in sfq_dequeue()

More generally, we must only accept quantum between 1 and 2^18 - 7,
meaning scaled_quantum must be in [1, 0x7FFF] range.

Otherwise, we also could have a loop in sfq_dequeue()
if scaled_quantum happens to be 0x8000, since slot->allot
could indefinitely switch between 0 and 0x8000.

Fixes: eeaeb068f1 ("sch_sfq: allow big packets and be fair")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+0251e883fe39e7a0cb0a@syzkaller.appspotmail.com
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-27 11:49:57 -07:00
..
Kconfig net/sched: act_ct: Create nf flow table per zone 2020-03-03 15:09:12 -08:00
Makefile net: sched: add Flow Queue PIE packet scheduler 2020-01-23 11:38:31 +01:00
act_api.c net: sched: expose HW stats types per action used by drivers 2020-03-30 11:06:49 -07:00
act_bpf.c bpf: Add socket assign support 2020-03-30 13:45:04 -07:00
act_connmark.c net: sched: update action implementations to support flags 2019-10-30 18:07:51 -07:00
act_csum.c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 15:42:43 -08:00
act_ct.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
act_ctinfo.c net: sched: act_ctinfo: fix memory leak 2020-01-19 16:02:15 +01:00
act_gact.c net: sched: update action implementations to support flags 2019-10-30 18:07:51 -07:00
act_ife.c net/sched: act_ife: initalize ife->metalist earlier 2020-01-17 10:58:15 +01:00
act_ipt.c net: sched: update action implementations to support flags 2019-10-30 18:07:51 -07:00
act_meta_mark.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_meta_skbprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_meta_skbtcindex.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_mirred.c net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-03-25 12:24:33 -07:00
act_mpls.c net: Fixed updating of ethertype in skb_mpls_push() 2019-12-04 17:11:25 -08:00
act_nat.c icmp: remove duplicate code 2019-11-05 14:03:11 -08:00
act_pedit.c sched: act_pedit: Implement stats_update callback 2020-03-26 19:20:37 -07:00
act_police.c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 15:42:43 -08:00
act_sample.c net: sched: lock action when translating it to flow_action infra 2020-02-17 14:17:02 -08:00
act_simple.c net_sched: extend packet counter to 64bit 2019-11-05 18:20:55 -08:00
act_skbedit.c sched: act_skbedit: Implement stats_update callback 2020-03-26 19:20:37 -07:00
act_skbmod.c net: sched: update action implementations to support flags 2019-10-30 18:07:51 -07:00
act_tunnel_key.c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 15:42:43 -08:00
act_vlan.c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 15:42:43 -08:00
cls_api.c net: sched: Fix setting last executed chain on skb extension 2020-04-07 18:32:08 -07:00
cls_basic.c net_sched: fix ops->bind_class() implementations 2020-01-27 10:51:43 +01:00
cls_bpf.c net_sched: fix ops->bind_class() implementations 2020-01-27 10:51:43 +01:00
cls_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_flow.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_flower.c net: sched: expose HW stats types per action used by drivers 2020-03-30 11:06:49 -07:00
cls_fw.c net_sched: fix ops->bind_class() implementations 2020-01-27 10:51:43 +01:00
cls_matchall.c net: sched: expose HW stats types per action used by drivers 2020-03-30 11:06:49 -07:00
cls_route.c net_sched: cls_route: remove the right filter from hashtable 2020-03-16 01:59:32 -07:00
cls_rsvp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp.h cls_rsvp: fix rsvp_policy 2020-02-01 12:25:06 -08:00
cls_rsvp6.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_tcindex.c net_sched: fix a missing refcnt in tcindex_init() 2020-04-03 16:00:08 -07:00
cls_u32.c net_sched: fix ops->bind_class() implementations 2020-01-27 10:51:43 +01:00
em_canid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 11 2019-05-21 11:28:45 +02:00
em_cmp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_ipset.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
em_ipt.c net: sched: Replace zero-length array with flexible-array member 2020-02-29 21:27:02 -08:00
em_meta.c net: annotate lockless accesses to sk->sk_max_ack_backlog 2019-11-06 16:14:48 -08:00
em_nbyte.c net: sched: Replace zero-length array with flexible-array member 2020-02-29 21:27:02 -08:00
em_text.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_u32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ematch.c net_sched: ematch: reject invalid TCF_EM_SIMPLE 2020-01-27 10:55:26 +01:00
sch_api.c net_sched: do not reprogram a timer about to expire 2020-03-17 21:16:35 -07:00
sch_atm.c net: sched: Replace zero-length array with flexible-array member 2020-02-29 21:27:02 -08:00
sch_blackhole.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_cake.c net: sched: use skb_list_walk_safe helper for gso segments 2020-01-14 11:48:41 -08:00
sch_cbq.c sch_cbq: validate TCA_CBQ_WRROPT to avoid crash 2019-09-30 11:07:46 -07:00
sch_cbs.c net: cbs: Fix software cbs to consider packet sending time 2020-03-24 16:14:05 -07:00
sch_choke.c sch_choke: avoid potential panic in choke_reset() 2020-04-27 11:35:27 -07:00
sch_codel.c net: sched: Fix a possible null-pointer dereference in dequeue_func() 2019-07-29 09:46:58 -07:00
sch_drr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_dsmark.c sch_dsmark: fix potential NULL deref in dsmark_init() 2019-10-04 18:28:30 -07:00
sch_etf.c sched: etf: do not assume all sockets are full blown 2020-04-22 19:20:28 -07:00
sch_ets.c net: sch_ets: Make the ETS qdisc offloadable 2019-12-18 13:32:29 -08:00
sch_fifo.c net: sched: Make FIFO Qdisc offloadable 2020-03-05 14:03:31 -08:00
sch_fq.c net_sched: sch_fq: enable use of hrtimer slack 2020-03-17 21:16:35 -07:00
sch_fq_codel.c fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks 2020-04-27 11:34:04 -07:00
sch_fq_pie.c pie: remove pie_vars->accu_prob_overflows 2020-03-04 13:25:55 -08:00
sch_generic.c Revert "net: sched: make newly activated qdiscs visible" 2020-03-12 11:19:24 -07:00
sch_gred.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_hfsc.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
sch_hhf.c net/flow_dissector: switch to siphash 2019-10-23 20:13:22 -07:00
sch_htb.c net: sched: sch_htb: don't call qdisc_put() while holding tree lock 2019-09-27 12:13:55 +02:00
sch_ingress.c net: sched: Pass ingress block to tcf_classify_ingress 2020-02-19 17:49:48 -08:00
sch_mq.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-03 11:53:55 -08:00
sch_mqprio.c mqprio: Fix out-of-bounds access in mqprio_dump 2019-12-06 11:58:45 -08:00
sch_multiq.c net: sched: fix `tc -s class show` no bstats on class with nolock subqueues 2019-11-30 10:38:40 -08:00
sch_netem.c net: sched: Replace zero-length array with flexible-array member 2020-02-29 21:27:02 -08:00
sch_pie.c net: sched: pie: change tc_pie_xstats->prob 2020-03-09 18:05:55 -07:00
sch_plug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_prio.c net: sch_prio: When ungrafting, replace with FIFO 2020-01-08 12:45:53 -08:00
sch_qfq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_red.c net: introduce nla_put_bitfield32() helper and use it 2020-03-30 11:06:49 -07:00
sch_sfb.c net/flow_dissector: switch to siphash 2019-10-23 20:13:22 -07:00
sch_sfq.c sch_sfq: validate silly quantum values 2020-04-27 11:49:57 -07:00
sch_skbprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_taprio.c taprio: Fix sending packets without dequeueing them 2020-03-12 11:25:08 -07:00
sch_tbf.c net: sched: Make TBF Qdisc offloadable 2020-01-25 10:56:31 +01:00
sch_teql.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00