Patch "net: sched: sch: Fix off by one in htb_activate_prios()" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    net: sched: sch: Fix off by one in htb_activate_prios()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-sched-sch-fix-off-by-one-in-htb_activate_prios.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 9cec2aaffe969f2a3e18b5ec105fc20bb908e475 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <error27@xxxxxxxxx>
Date: Mon, 6 Feb 2023 16:18:32 +0300
Subject: net: sched: sch: Fix off by one in htb_activate_prios()

From: Dan Carpenter <error27@xxxxxxxxx>

commit 9cec2aaffe969f2a3e18b5ec105fc20bb908e475 upstream.

The > needs be >= to prevent an out of bounds access.

Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Link: https://lore.kernel.org/r/Y+D+KN18FQI2DKLq@kili
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/sched/sch_htb.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -429,7 +429,7 @@ static void htb_activate_prios(struct ht
 		while (m) {
 			unsigned int prio = ffz(~m);
 
-			if (WARN_ON_ONCE(prio > ARRAY_SIZE(p->inner.clprio)))
+			if (WARN_ON_ONCE(prio >= ARRAY_SIZE(p->inner.clprio)))
 				break;
 			m &= ~(1 << prio);
 
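Review bot: The changelog should say whether `prio` from `ffz(~m)` can actually equal `ARRAY_SIZE(p->inner.clprio)` at the `WARN_ON_ONCE()` check, or whether this only hardens the bounds check added by de5ca4c3852f, because that is what a stable reviewer needs to judge the backport. The `>=` itself is the correct bound: an index equal to the array size is one past the last valid element, and the old `>` let that value through to the code after the check. The `break` also leaves the loop with bits still set in `m`, so a one-line comment stating that the remaining priorities are deliberately skipped on the warning path would help the next reader.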


Patches currently in stable-queue which might be from error27@xxxxxxxxx are

queue-5.15/net-sched-sch-fix-off-by-one-in-htb_activate_prios.patch
queue-5.15/nvmem-core-fix-return-value.patch
queue-5.15/nvmem-core-fix-cleanup-after-dev_set_name.patch


