netprio_cgroup: fix an off-by-one bug

# mount -t cgroup xxx /mnt
  # mkdir /mnt/tmp
  # cat /mnt/tmp/net_prio.ifpriomap
  lo 0
  eth0 0
  virbr0 0
  # echo 'lo 999' > /mnt/tmp/net_prio.ifpriomap
  # cat /mnt/tmp/net_prio.ifpriomap
  lo 999
  eth0 0
  virbr0 4101267344

We got weired output, because we exceeded the boundary of the array.
We may even crash the kernel..

Origionally-authored-by: Li Zefan <[email protected]>
Signed-off-by: Li Zefan <[email protected]>
Signed-off-by: Neil Horman <[email protected]>
CC: "David S. Miller" <[email protected]>
Signed-off-by: David S. Miller <[email protected]>

diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
index 9ae183a9a38184c97478017b71b8f5a48f0dd5f5..72c638780805c71bfda4b126cbbd6851e343d798 100644 (file)
--- a/net/core/netprio_cgroup.c
+++ b/net/core/netprio_cgroup.c
@@ -108,7 +108,7 @@ static void extend_netdev_table(struct net_device *dev, u32 new_len)
 static void update_netdev_tables(void)
 {
        struct net_device *dev;
-       u32 max_len = atomic_read(&max_prioidx);
+       u32 max_len = atomic_read(&max_prioidx) + 1;
        struct netprio_map *map;
 
        rtnl_lock();