netprio_cgroup: fix an off-by-one bug
Neil Horman [Fri, 10 Feb 2012 05:43:36 +0000 (05:43 +0000)]
# mount -t cgroup xxx /mnt
  # mkdir /mnt/tmp
  # cat /mnt/tmp/net_prio.ifpriomap
  lo 0
  eth0 0
  virbr0 0
  # echo 'lo 999' > /mnt/tmp/net_prio.ifpriomap
  # cat /mnt/tmp/net_prio.ifpriomap
  lo 999
  eth0 0
  virbr0 4101267344

We got weired output, because we exceeded the boundary of the array.
We may even crash the kernel..

Origionally-authored-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/core/netprio_cgroup.c

index 9ae183a..72c6387 100644 (file)
@@ -108,7 +108,7 @@ static void extend_netdev_table(struct net_device *dev, u32 new_len)
 static void update_netdev_tables(void)
 {
        struct net_device *dev;
-       u32 max_len = atomic_read(&max_prioidx);
+       u32 max_len = atomic_read(&max_prioidx) + 1;
        struct netprio_map *map;
 
        rtnl_lock();