Re: [PATCH v15 net-next 1/5] sched: Struct definition and parsing of dualpi2 qdisc

On 5/15/25 10:51 AM, Paolo Abeni wrote:

On 5/9/25 11:47 PM, chia-yu.chang@nokia-bell-labs.com wrote:

...

+struct dualpi2_sched_data {

• struct Qdisc *l_queue; /* The L4S Low latency queue (L-queue) */
• struct Qdisc *sch; /* The Classic queue (C-queue) */
• /* Registered tc filters */
• struct tcf_proto __rcu *tcf_filters;
• struct tcf_block *tcf_block;
• /* PI2 parameters */
• u64 pi2_target; /* Target delay in nanoseconds */
• u32 pi2_tupdate; /* Timer frequency in nanoseconds */

AFAICS this can be written from user-space, without any upper bound, causing an integer overflow after converting the frequency from seconds to nsec.

Sorry, I misread the time conversion (is nsec to usec). But with unbounded TCA_DUALPI2_TUPDATE the overflow can still happen.

/P