github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

net/sched: netem: check for negative latency and jitter

Browse Source 
Reject requests with negative latency or jitter.
A negative value added to current timestamp (u64) wraps
to an enormous time_to_send, disabling dequeue.
The original UAPI used u32 for these values; the conversion to 64-bit
time values via TCA_NETEM_LATENCY64 and TCA_NETEM_JITTER64
allowed signed values to reach the kernel without validation.

Jitter is already silently clamped by an abs() in netem_change();
that abs() can be removed in a follow-up once this rejection is in
place.

Fixes: 99803171ef ("netem: add uapi to express delay and jitter in nanoseconds")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20260418032027.900913-7-stephen@networkplumber.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Stephen Hemminger 2026-04-17 20:19:44 -07:00 committed by Jakub Kicinski
parent 51e94e1e2f
commit 90be9fedb2
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
net/sched/sch_netem.c
View File

@ -826,6 +826,16 @@ static int get_dist_table(struct disttable **tbl, const struct nlattr *attr)
return 0;
}
static int validate_time(const struct nlattr *attr, const char *name,
struct netlink_ext_ack *extack)
{
if (nla_get_s64(attr) < 0) {
NL_SET_ERR_MSG_ATTR_FMT(extack, attr, "negative %s", name);
return -EINVAL;
}
return 0;
}
static int validate_slot(const struct nlattr *attr, struct netlink_ext_ack *extack)
{
const struct tc_netem_slot *c = nla_data(attr);
@ -1068,6 +1078,18 @@ static int netem_change(struct Qdisc *sch, struct nlattr *opt,
goto table_free;
}
if (tb[TCA_NETEM_LATENCY64]) {
ret = validate_time(tb[TCA_NETEM_LATENCY64], "latency", extack);
if (ret)
goto table_free;
}
if (tb[TCA_NETEM_JITTER64]) {
ret = validate_time(tb[TCA_NETEM_JITTER64], "jitter", extack);
if (ret)
goto table_free;
}
sch_tree_lock(sch);
/* backup q->clg and q->loss_model */
old_clg = q->clg;