On Mon, Jul 09, 2012 at 09:45:10AM +0200, Eric Dumazet wrote:
> From: Eric Dumazet <eduma...@google.com>
>
> dev->priomap is allocated by extend_netdev_table() called from
> update_netdev_tables().
> And this is only called if write_priomap() is called.
>
> But if write_priomap() is not called, it seems we can have out of bounds
> accesses in cgrp_destroy(), read_priomap() & skb_update_prio()
>
> With help from Gao Feng
>
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Cc: Neil Horman <nhor...@tuxdriver.com>
> Cc: Gao feng <gaof...@cn.fujitsu.com>
> ---
>  net/core/dev.c            | 8 ++++++--
>  net/core/netprio_cgroup.c | 4 ++--
>  2 files changed, 8 insertions(+), 4 deletions(-)
>
Thank you for doing this Eric, Gao. Just to be sure (I asked in the previous
thread), would it be better to avoid the length check in skb_update_prio, and
instead update the netdev tables to be long enough in cgrp_create and in
netprio_device_event on device registration?

Neil
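
The two options raised in this thread, as a simplified userspace model added here for illustration (not code from the patch or the kernel tree; every struct and function name below is hypothetical). Option A bounds-checks each lookup against the table length; option B grows every device's table when a group is created so that no index can exceed it.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only; names are illustrative, not kernel identifiers. */
struct prio_map {
    unsigned int len;      /* number of valid slots in prio[] */
    unsigned int prio[];   /* indexed by group index */
};

struct model_dev {
    struct prio_map *map;  /* NULL until a table is first allocated */
};

/* Grow dev's table so indexes 0..max_idx are valid; new slots read as 0. */
static int extend_map(struct model_dev *dev, unsigned int max_idx)
{
    unsigned int old_len = dev->map ? dev->map->len : 0;
    unsigned int new_len = max_idx + 1;
    struct prio_map *m;

    if (new_len <= old_len)
        return 0;
    m = calloc(1, sizeof(*m) + new_len * sizeof(m->prio[0]));
    if (!m)
        return -1;
    if (dev->map)
        memcpy(m->prio, dev->map->prio, old_len * sizeof(m->prio[0]));
    m->len = new_len;
    free(dev->map);
    dev->map = m;
    return 0;
}

/* Option A: the reader checks the index against the table length. */
static unsigned int lookup_checked(const struct model_dev *dev, unsigned int idx)
{
    const struct prio_map *m = dev->map;
    return (m && idx < m->len) ? m->prio[idx] : 0;
}

/* Option B: size every known device when a group is created. A device
 * registered later needs the same extension before readers may index it. */
static int on_group_create(struct model_dev *devs, size_t ndevs, unsigned int idx)
{
    for (size_t i = 0; i < ndevs; i++)
        if (extend_map(&devs[i], idx) != 0)
            return -1;
    return 0;
}
```

Option B only removes the reader-side check safely if every path that can introduce a new index or a new device performs the extension first.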