From: Li Xiasong <lixiasong1@huawei.com> hulk inclusion category: feature bugzilla: https://atomgit.com/openeuler/kernel/issues/9201 -------------------------------- venetcls currently accepts dft_num/sft_num == 0. A zero table size can reach roundup_pow_of_two(0), whose result is undefined, and then derive an invalid hash mask while allocating zero-entry tables. This may lead to out-of-bounds access in flow lookup/update paths. Reject zero dft_num/sft_num in check_params(), and emit explicit errors for invalid mode/ifname/table-size values to make module init failures diagnosable. Signed-off-by: Li Xiasong <lixiasong1@huawei.com> Signed-off-by: Yue Haibing <yuehaibing@huawei.com> --- net/venetcls/venetcls_main.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/net/venetcls/venetcls_main.c b/net/venetcls/venetcls_main.c index ab7808f6a955..fd466597ed7d 100644 --- a/net/venetcls/venetcls_main.c +++ b/net/venetcls/venetcls_main.c @@ -69,12 +69,25 @@ MODULE_PARM_DESC(sft_num, "sock flow table entries, default 0x100000"); static bool check_params(void) { - if (mode != 0 && mode != 1) + if (mode != 0 && mode != 1) { + vecls_error("invalid mode=%d, expected 0/1\n", mode); return false; + } - if (strlen(ifname) == 0) + if (strlen(ifname) == 0) { + vecls_error("invalid ifname, empty string\n"); return false; + } + if (dft_num == 0) { + vecls_error("invalid dft_num=%u, must be > 0\n", dft_num); + return false; + } + + if (sft_num == 0) { + vecls_error("invalid sft_num=%u, must be > 0\n", sft_num); + return false; + } return true; } -- 2.34.1