Re: [PATCH v4] net: neighbor: fix a crash caused by mod zero

From: David Miller
Date: Mon Dec 28 2020 - 17:58:01 EST

Next message: Andy Shevchenko: "Re: [PATCH v3 14/14] ipu3-cio2: Add cio2-bridge to ipu3-cio2 driver"
Previous message: Jakub Kicinski: "Re: [PATCH net] net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered"
In reply to: weichenchen: "[PATCH v4] net: neighbor: fix a crash caused by mod zero"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: weichenchen <weichen.chen@xxxxxxxxxxxxxxxxx>
Date: Fri, 25 Dec 2020 13:44:45 +0800

> pneigh_enqueue() tries to obtain a random delay by mod
> NEIGH_VAR(p, PROXY_DELAY). However, NEIGH_VAR(p, PROXY_DELAY)
> migth be zero at that point because someone could write zero
> to /proc/sys/net/ipv4/neigh/[device]/proxy_delay after the
> callers check it.
>
> This patch uses prandom_u32_max() to get a random delay instead
> which avoids potential division by zero.
>
> Signed-off-by: weichenchen <weichen.chen@xxxxxxxxxxxxxxxxx>
> ---
> V4:
> - Use prandom_u32_max() to get a random delay in
> pneigh_enqueue().
> V3:
> - Callers need to pass the delay time to pneigh_enqueue()
> now and they should guarantee it is not zero.
> - Use READ_ONCE() to read NEIGH_VAR(p, PROXY_DELAY) in both
> of the existing callers of pneigh_enqueue() and then pass
> it to pneigh_enqueue().
> V2:
> - Use READ_ONCE() to prevent the complier from re-reading
> NEIGH_VAR(p, PROXY_DELAY).
> - Give a hint to the complier that delay <= 0 is unlikely
> to happen.
>
> V4 is quite concise and works well.
> Thanks for Eric's and Jakub's advice.

Applied and queued up for -stable, thanks.

Next message: Andy Shevchenko: "Re: [PATCH v3 14/14] ipu3-cio2: Add cio2-bridge to ipu3-cio2 driver"
Previous message: Jakub Kicinski: "Re: [PATCH net] net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered"
In reply to: weichenchen: "[PATCH v4] net: neighbor: fix a crash caused by mod zero"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]