--- /dev/null
+From 9cec2aaffe969f2a3e18b5ec105fc20bb908e475 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <error27@gmail.com>
+Date: Mon, 6 Feb 2023 16:18:32 +0300
+Subject: net: sched: sch: Fix off by one in htb_activate_prios()
+
+From: Dan Carpenter <error27@gmail.com>
+
+commit 9cec2aaffe969f2a3e18b5ec105fc20bb908e475 upstream.
+
+The > needs be >= to prevent an out of bounds access.
+
+Fixes: de5ca4c3852f ("net: sched: sch: Bounds check priority")
+Signed-off-by: Dan Carpenter <error27@gmail.com>
+Reviewed-by: Simon Horman <simon.horman@corigine.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/Y+D+KN18FQI2DKLq@kili
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/sch_htb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sched/sch_htb.c
++++ b/net/sched/sch_htb.c
+@@ -429,7 +429,7 @@ static void htb_activate_prios(struct ht
+ while (m) {
+ unsigned int prio = ffz(~m);
+
+- if (WARN_ON_ONCE(prio > ARRAY_SIZE(p->inner.clprio)))
++ if (WARN_ON_ONCE(prio >= ARRAY_SIZE(p->inner.clprio)))
+ break;
+ m &= ~(1 << prio);
+
alarmtimer-prevent-starvation-by-small-intervals-and-sig_ign.patch
nvme-pci-refresh-visible-attrs-for-cmb-attributes.patch
asoc-sof-intel-hda-dai-fix-possible-stream_tag-leak.patch
+net-sched-sch-fix-off-by-one-in-htb_activate_prios.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
