netprio_cgroup: fix an off-by-one bug
authorNeil Horman <nhorman@tuxdriver.com>
Fri, 10 Feb 2012 05:43:36 +0000 (05:43 +0000)
committerDavid S. Miller <davem@davemloft.net>
Fri, 10 Feb 2012 20:08:56 +0000 (15:08 -0500)
# mount -t cgroup xxx /mnt
  # mkdir /mnt/tmp
  # cat /mnt/tmp/net_prio.ifpriomap
  lo 0
  eth0 0
  virbr0 0
  # echo 'lo 999' > /mnt/tmp/net_prio.ifpriomap
  # cat /mnt/tmp/net_prio.ifpriomap
  lo 999
  eth0 0
  virbr0 4101267344

We got weired output, because we exceeded the boundary of the array.
We may even crash the kernel..

Origionally-authored-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/netprio_cgroup.c

index 9ae183a9a38184c97478017b71b8f5a48f0dd5f5..72c638780805c71bfda4b126cbbd6851e343d798 100644 (file)
@@ -108,7 +108,7 @@ static void extend_netdev_table(struct net_device *dev, u32 new_len)
 static void update_netdev_tables(void)
 {
        struct net_device *dev;
-       u32 max_len = atomic_read(&max_prioidx);
+       u32 max_len = atomic_read(&max_prioidx) + 1;
        struct netprio_map *map;
 
        rtnl_lock();