Re: [PATCH v4] net: neighbor: fix a crash caused by mod zero
From: David Miller
Date: Mon Dec 28 2020 - 17:58:01 EST
From: weichenchen <weichen.chen@xxxxxxxxxxxxxxxxx>
Date: Fri, 25 Dec 2020 13:44:45 +0800
> pneigh_enqueue() tries to obtain a random delay by mod
> NEIGH_VAR(p, PROXY_DELAY). However, NEIGH_VAR(p, PROXY_DELAY)
> migth be zero at that point because someone could write zero
> to /proc/sys/net/ipv4/neigh/[device]/proxy_delay after the
> callers check it.
>
> This patch uses prandom_u32_max() to get a random delay instead
> which avoids potential division by zero.
>
> Signed-off-by: weichenchen <weichen.chen@xxxxxxxxxxxxxxxxx>
> ---
> V4:
> - Use prandom_u32_max() to get a random delay in
> pneigh_enqueue().
> V3:
> - Callers need to pass the delay time to pneigh_enqueue()
> now and they should guarantee it is not zero.
> - Use READ_ONCE() to read NEIGH_VAR(p, PROXY_DELAY) in both
> of the existing callers of pneigh_enqueue() and then pass
> it to pneigh_enqueue().
> V2:
> - Use READ_ONCE() to prevent the complier from re-reading
> NEIGH_VAR(p, PROXY_DELAY).
> - Give a hint to the complier that delay <= 0 is unlikely
> to happen.
>
> V4 is quite concise and works well.
> Thanks for Eric's and Jakub's advice.
Applied and queued up for -stable, thanks.