* [PATCH net 1/1] net: atm: reject out-of-range traffic classes in QoS validation [not found] <cover.1780965530.git.zcliangcn@gmail.com> @ 2026-06-09 8:34 ` Ren Wei 2026-06-11 16:37 ` Simon Horman 2026-06-12 23:50 ` patchwork-bot+netdevbpf 0 siblings, 2 replies; 3+ messages in thread From: Ren Wei @ 2026-06-09 8:34 UTC (permalink / raw) To: linux-atm-general, netdev; +Cc: 3chas3, yuantan098, bird, zcliangcn, n05ec From: Zhengchuan Liang <zcliangcn@gmail.com> Reject ATM traffic classes above ATM_ANYCLASS in check_tp(). SO_ATMQOS stores the supplied QoS after check_qos() succeeds, so accepting larger values leaves invalid traffic_class values in vcc->qos. That bad state later reaches pvc_info(), which indexes class_name[] with vcc->qos.{rx,tp}.traffic_class. Values above ATM_ANYCLASS cause an out-of-bounds read when /proc/net/atm/pvc is read. Tighten the existing QoS validation so invalid traffic_class values are rejected at the point where user supplied QoS is accepted. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Reported-by: Yuan Tan <yuantan098@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Assisted-by: Codex:GPT-5.4 Signed-off-by: Zhengchuan Liang <zcliangcn@gmail.com> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn> --- net/atm/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/atm/common.c b/net/atm/common.c index fe77f51f6ce1..6eb78c34c284 100644 --- a/net/atm/common.c +++ b/net/atm/common.c @@ -720,6 +720,8 @@ static int atm_change_qos(struct atm_vcc *vcc, struct atm_qos *qos) static int check_tp(const struct atm_trafprm *tp) { /* @@@ Should be merged with adjust_tp */ + if (tp->traffic_class > ATM_ANYCLASS) + return -EINVAL; if (!tp->traffic_class || tp->traffic_class == ATM_ANYCLASS) return 0; if (tp->traffic_class != ATM_UBR && !tp->min_pcr && !tp->pcr && -- 2.47.3 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net 1/1] net: atm: reject out-of-range traffic classes in QoS validation 2026-06-09 8:34 ` [PATCH net 1/1] net: atm: reject out-of-range traffic classes in QoS validation Ren Wei @ 2026-06-11 16:37 ` Simon Horman 2026-06-12 23:50 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 3+ messages in thread From: Simon Horman @ 2026-06-11 16:37 UTC (permalink / raw) To: Ren Wei; +Cc: linux-atm-general, netdev, 3chas3, yuantan098, bird, zcliangcn On Tue, Jun 09, 2026 at 04:34:37PM +0800, Ren Wei wrote: > From: Zhengchuan Liang <zcliangcn@gmail.com> > > Reject ATM traffic classes above ATM_ANYCLASS in check_tp(). > SO_ATMQOS stores the supplied QoS after check_qos() succeeds, so > accepting larger values leaves invalid traffic_class values in > vcc->qos. > > That bad state later reaches pvc_info(), which indexes class_name[] > with vcc->qos.{rx,tp}.traffic_class. Values above ATM_ANYCLASS cause > an out-of-bounds read when /proc/net/atm/pvc is read. > > Tighten the existing QoS validation so invalid traffic_class values > are rejected at the point where user supplied QoS is accepted. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Cc: stable@vger.kernel.org > Reported-by: Yuan Tan <yuantan098@gmail.com> > Reported-by: Xin Liu <bird@lzu.edu.cn> > Assisted-by: Codex:GPT-5.4 > Signed-off-by: Zhengchuan Liang <zcliangcn@gmail.com> > Signed-off-by: Ren Wei <n05ec@lzu.edu.cn> Reviewed-by: Simon Horman <horms@kernel.org> I believe the issue flagged by AI-generated review on https://netdev-ai.bots.linux.dev/sashiko/ is a false positive. ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net 1/1] net: atm: reject out-of-range traffic classes in QoS validation 2026-06-09 8:34 ` [PATCH net 1/1] net: atm: reject out-of-range traffic classes in QoS validation Ren Wei 2026-06-11 16:37 ` Simon Horman @ 2026-06-12 23:50 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 3+ messages in thread From: patchwork-bot+netdevbpf @ 2026-06-12 23:50 UTC (permalink / raw) To: Ren Wei; +Cc: linux-atm-general, netdev, 3chas3, yuantan098, bird, zcliangcn Hello: This patch was applied to netdev/net.git (main) by Jakub Kicinski <kuba@kernel.org>: On Tue, 9 Jun 2026 16:34:37 +0800 you wrote: > From: Zhengchuan Liang <zcliangcn@gmail.com> > > Reject ATM traffic classes above ATM_ANYCLASS in check_tp(). > SO_ATMQOS stores the supplied QoS after check_qos() succeeds, so > accepting larger values leaves invalid traffic_class values in > vcc->qos. > > [...] Here is the summary with links: - [net,1/1] net: atm: reject out-of-range traffic classes in QoS validation https://git.kernel.org/netdev/net/c/cdf19f380e46 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-06-12 23:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <cover.1780965530.git.zcliangcn@gmail.com>
2026-06-09 8:34 ` [PATCH net 1/1] net: atm: reject out-of-range traffic classes in QoS validation Ren Wei
2026-06-11 16:37 ` Simon Horman
2026-06-12 23:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox