On Tue, Jun 9, 2026 at 12:46 AM Ido Schimmel <[email protected]> wrote:
>
> On Mon, Jun 08, 2026 at 11:51:16PM -0700, Xiang Mei wrote:
> > ccm_tx_work_expired() re-arms itself via queue_delayed_work() using
> > the configured exp_interval converted by interval_to_us(). When
> > exp_interval is BR_CFM_CCM_INTERVAL_NONE or out of range,
> > interval_to_us() returns 0, causing the worker to fire immediately in
> > a tight loop that allocates skbs until OOM.
> >
> > Fix this by validating exp_interval at configuration time:
> >
> > - Constrain IFLA_BRIDGE_CFM_CC_CONFIG_EXP_INTERVAL to the valid range
> > [BR_CFM_CCM_INTERVAL_3_3_MS, BR_CFM_CCM_INTERVAL_10_MIN] in the
> > netlink policy so userspace cannot set an invalid value.
> >
> > - Reject starting CCM TX in br_cfm_cc_ccm_tx() when exp_interval has
> > not yet been configured (defaults to 0 from kzalloc).
> >
> > Fixes: 2be665c3940d ("bridge: cfm: Netlink SET configuration Interface.")
> > Reported-by: Weiming Shi <[email protected]>
> > Signed-off-by: Xiang Mei <[email protected]>
>
> Reviewed-by: Ido Schimmel <[email protected]>
>
> > ---
> > v4: remove the Suggested-by tag
>
> Should have kept my R-b tag...
Thanks, Ido, for the tip.
