Commit b761c9b1, authored by Gao feng, committed by David S. Miller

cgroup: fix panic in netprio_cgroup

We set max_prioidx to the first zero bit index of prioidx_map in
function get_prioidx.

So when we delete the low index netprio cgroup and add a new
netprio cgroup again, the max_prioidx will be set to the low index.

When we set the high index cgroup's net_prio.ifpriomap, the function
write_priomap will call update_netdev_tables to allocate memory whose
size is sizeof(struct netprio_map) + sizeof(u32) * (max_prioidx + 1),
so the size of the array that map->priomap points to is max_prioidx + 1,
which is lower than what we actually need.

Fix this by adding a check in get_prioidx: only set max_prioidx when
max_prioidx is lower than the new prioidx.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parent b93984c9
...@@ -49,8 +49,9 @@ static int get_prioidx(u32 *prio) ...@@ -49,8 +49,9 @@ static int get_prioidx(u32 *prio)
return -ENOSPC; return -ENOSPC;
} }
set_bit(prioidx, prioidx_map); set_bit(prioidx, prioidx_map);
spin_unlock_irqrestore(&prioidx_map_lock, flags); if (atomic_read(&max_prioidx) < prioidx)
atomic_set(&max_prioidx, prioidx); atomic_set(&max_prioidx, prioidx);
spin_unlock_irqrestore(&prioidx_map_lock, flags);
*prio = prioidx; *prio = prioidx;
return 0; return 0;
} }
......
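Review bot: The added `if (atomic_read(&max_prioidx) < prioidx) atomic_set(&max_prioidx, prioidx);` in get_prioidx() is a separate read and write, not one atomic operation, and it is race-free only because this hunk also moves the update above `spin_unlock_irqrestore(&prioidx_map_lock, flags)`, so it now runs with the lock held. The commit message describes only the new check and says nothing about the move under the lock. Please add a one-line comment above the `if` stating that max_prioidx is only raised here and only with prioidx_map_lock held, and mention the locking change in the changelog, so a later cleanup does not hoist the update back out of the critical section. Also note that after this change get_prioidx() never lowers max_prioidx; the hunk does not show whether the release path does, so it is worth confirming that keeping the tables sized at the high-water mark (max_prioidx + 1 entries) is the intended behaviour.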