Commit 397006ba authored Oct 13, 2024 by Elena Salomatkina Committed by Jakub Kicinski Oct 15, 2024

net/sched: cbs: Fix integer overflow in cbs_set_port_rate()



The subsequent calculation of port_rate = speed * 1000 * BYTES_PER_KBIT,
where the BYTES_PER_KBIT is of type LL, may cause an overflow.
At least when speed = SPEED_20000, the expression to the left of port_rate
will be greater than INT_MAX.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
Link: https://patch.msgid.link/20241013124529.1043-1-esalomatkina@ispras.ru


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 95b3120a

net/sched/sch_cbs.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -310,7 +310,7 @@ static void cbs_set_port_rate(struct net_device dev, struct cbs_sched_data q)
		{
		struct ethtool_link_ksettings ecmd;
		int speed = SPEED_10;
		int port_rate;
		s64 port_rate;
		int err;

		err = __ethtool_get_link_ksettings(dev, &ecmd);