net/sched: cbs: Fix integer overflow in cbs_set_port_rate()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The subsequent calculation of port_rate = speed * 1000 * BYTES_PER_KBIT,
where the BYTES_PER_KBIT is of type LL, may cause an overflow.
At least when speed = SPEED_20000, the expression to the left of port_rate
will be greater than INT_MAX.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
Link: https://patch.msgid.link/20241013124529.1043-1-esalomatkina@ispras.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Elena Salomatkina and committed by

Jakub Kicinski 1 year ago 397006ba 95b3120a

+1 -1

1 changed file

expand all

net

sched

sch_cbs.c

+1 -1

net/sched/sch_cbs.c

··· 310 310 { 311 311 struct ethtool_link_ksettings ecmd; 312 312 int speed = SPEED_10; 313 - int port_rate; 313 + s64 port_rate; 314 314 int err; 315 315 316 316 err = __ethtool_get_link_ksettings(dev, &ecmd);