From patchwork Thu Nov 3 16:42:36 2016
X-Patchwork-Submitter: Cong Wang
X-Patchwork-Id: 690921
X-Patchwork-Delegate: davem@davemloft.net
From: Cong Wang
To: netdev@vger.kernel.org
Cc: Cong Wang
Subject: [Patch net] taskstats: fix the length of cgroupstats_cmd_get_policy
Date: Thu, 3 Nov 2016 09:42:36 -0700
Message-Id: <1478191356-10386-2-git-send-email-xiyou.wangcong@gmail.com>
In-Reply-To: <1478191356-10386-1-git-send-email-xiyou.wangcong@gmail.com>
References: <1478191356-10386-1-git-send-email-xiyou.wangcong@gmail.com>

cgroupstats_cmd_get_policy is [CGROUPSTATS_CMD_ATTR_MAX+1],
taskstats_cmd_get_policy[TASKSTATS_CMD_ATTR_MAX+1],
but their family.maxattr is TASKSTATS_CMD_ATTR_MAX.
CGROUPSTATS_CMD_ATTR_MAX is less than TASKSTATS_CMD_ATTR_MAX,
so we could end up accessing out-of-bound.

Change cgroupstats_cmd_get_policy to TASKSTATS_CMD_ATTR_MAX+1,
this is safe because the rest are initialized to 0's.

Reported-by: Andrey Konovalov
Tested-by: Andrey Konovalov
Signed-off-by: Cong Wang
--- kernel/taskstats.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/taskstats.c b/kernel/taskstats.c index b3f05ee..cbb387a 100644 --- a/kernel/taskstats.c +++ b/kernel/taskstats.c 
@@ -54,7 +54,11 @@ static const struct nla_policy taskstats_cmd_get_policy[TASKSTATS_CMD_ATTR_MAX+1 [TASKSTATS_CMD_ATTR_REGISTER_CPUMASK] = { .type = NLA_STRING }, [TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK] = { .type = NLA_STRING },}; -static const struct nla_policy cgroupstats_cmd_get_policy[CGROUPSTATS_CMD_ATTR_MAX+1] = { +/* + * We have to use TASKSTATS_CMD_ATTR_MAX here, it is the maxattr in the family. + * Make sure they are always aligned. + */ +static const struct nla_policy cgroupstats_cmd_get_policy[TASKSTATS_CMD_ATTR_MAX+1] = { [CGROUPSTATS_CMD_ATTR_FD] = { .type = NLA_U32 }, };
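
Review bot: The new comment above cgroupstats_cmd_get_policy asks that "they are always aligned", but nothing in the hunk enforces that, and "they" is never named. The array is now sized by TASKSTATS_CMD_ATTR_MAX+1 while its only initialized entry is indexed by CGROUPSTATS_CMD_ATTR_FD, so the relationship between the two enums and the family's maxattr is held together by the comment alone. Consider a compile-time check such as BUILD_BUG_ON(CGROUPSTATS_CMD_ATTR_MAX > TASKSTATS_CMD_ATTR_MAX) in the init path, and reword the comment to state the actual reason: the policy is indexed up to the family's maxattr, so a shorter array is read out of bounds. It is also worth noting in the comment that the added zero-filled entries have type 0 (NLA_UNSPEC), so attribute types above CGROUPSTATS_CMD_ATTR_FD pass through this policy unvalidated for the cgroupstats command.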