From: Li Zefan <lizefan@huawei.com>
To: David Miller <davem@davemloft.net>
Cc: <netdev@vger.kernel.org>, Gao feng <gaofeng@cn.fujitsu.com>,
John Fastabend <john.r.fastabend@intel.com>,
Neil Horman <nhorman@tuxdriver.com>
Subject: [PATCH 3.4.y 1/3] cgroup: fix panic in netprio_cgroup
Date: Sat, 26 Jan 2013 12:41:15 +0800 [thread overview]
Message-ID: <51035E6B.1000106@huawei.com> (raw)
In-Reply-To: <51035E4F.6030508@huawei.com>
From: Gao feng <gaofeng@cn.fujitsu.com>
commit b761c9b1f4f69eb53fb6147547a1ab25237a93b3 upstream.
we set max_prioidx to the first zero bit index of prioidx_map in
function get_prioidx.
So when we delete the low index netprio cgroup and adding a new
netprio cgroup again,the max_prioidx will be set to the low index.
when we set the high index cgroup's net_prio.ifpriomap,the function
write_priomap will call update_netdev_tables to alloc memory which
size is sizeof(struct netprio_map) + sizeof(u32) * (max_prioidx + 1),
so the size of array that map->priomap point to is max_prioidx +1,
which is low than what we actually need.
fix this by adding check in get_prioidx,only set max_prioidx when
max_prioidx low than the new prioidx.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Li Zefan <lizefan@huawei.com>
---
net/core/netprio_cgroup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
index ba6900f..4435296 100644
--- a/net/core/netprio_cgroup.c
+++ b/net/core/netprio_cgroup.c
@@ -62,8 +62,9 @@ static int get_prioidx(u32 *prio)
return -ENOSPC;
}
set_bit(prioidx, prioidx_map);
+ if (atomic_read(&max_prioidx) < prioidx)
+ atomic_set(&max_prioidx, prioidx);
spin_unlock_irqrestore(&prioidx_map_lock, flags);
- atomic_set(&max_prioidx, prioidx);
*prio = prioidx;
return 0;
}
--
1.8.0.2
next prev parent reply other threads:[~2013-01-26 4:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-26 4:40 [PATCH 3.4.y 0/3] netprio_cgroup: a few patches for stable tree Li Zefan
2013-01-26 4:41 ` Li Zefan [this message]
2013-01-26 4:41 ` [PATCH 3.4.y 2/3] net: cgroup: fix access the unallocated memory in netprio cgroup Li Zefan
2013-01-26 4:42 ` [PATCH 3.4.y 3/3] net: netprio: fix cgrp create and write priomap race Li Zefan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51035E6B.1000106@huawei.com \
--to=lizefan@huawei.com \
--cc=davem@davemloft.net \
--cc=gaofeng@cn.fujitsu.com \
--cc=john.r.fastabend@intel.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.