leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3d66b89c30
linux/net/sched
History
Eric Dumazet 3d66b89c30 net: sched: fix possible crash in tcf_action_destroy() 
If the allocation done in tcf_exts_init() failed,
we end up with a NULL pointer in exts->actions.

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8198 Comm: syz-executor.3 Not tainted 5.3.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tcf_action_destroy+0x71/0x160 net/sched/act_api.c:705
Code: c3 08 44 89 ee e8 4f cb bb fb 41 83 fd 20 0f 84 c9 00 00 00 e8 c0 c9 bb fb 48 89 d8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 <80> 3c 08 00 0f 85 c0 00 00 00 4c 8b 33 4d 85 f6 0f 84 9d 00 00 00
RSP: 0018:ffff888096e16ff0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000040000 RSI: ffffffff85b6ab30 RDI: 0000000000000000
RBP: ffff888096e17020 R08: ffff8880993f6140 R09: fffffbfff11cae67
R10: fffffbfff11cae66 R11: ffffffff88e57333 R12: 0000000000000000
R13: 0000000000000000 R14: ffff888096e177a0 R15: 0000000000000001
FS:  00007f62bc84a700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000758040 CR3: 0000000088b64000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tcf_exts_destroy+0x38/0xb0 net/sched/cls_api.c:3030
 tcindex_set_parms+0xf7f/0x1e50 net/sched/cls_tcindex.c:488
 tcindex_change+0x230/0x318 net/sched/cls_tcindex.c:519
 tc_new_tfilter+0xa4b/0x1c70 net/sched/cls_api.c:2152
 rtnetlink_rcv_msg+0x838/0xb00 net/core/rtnetlink.c:5214
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2311
 __sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413
 __do_sys_sendmmsg net/socket.c:2442 [inline]

Fixes: 90b73b77d0 ("net: sched: change action API to use array of pointers to actions")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-09-24 16:33:57 +02:00
..
act_api.c net_sched: add policy validation for action attributes 2019-09-21 19:33:13 -07:00
act_bpf.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_connmark.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_csum.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_ct.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
act_ctinfo.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_gact.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_ife.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_ipt.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_meta_mark.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_meta_skbprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_meta_skbtcindex.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_mirred.c net: sched: use get_dev() action API in flow_action infra 2019-09-16 09:18:03 +02:00
act_mpls.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_nat.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_pedit.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_police.c net_sched: act_police: add 2 new attributes to support police 64bit rate and peakrate 2019-09-06 15:02:16 +02:00
act_sample.c net/sched: act_sample: don't push mac header on ip6gre ingress 2019-09-20 17:01:59 -07:00
act_simple.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_skbedit.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_skbmod.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_tunnel_key.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_vlan.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-02 11:20:17 -07:00
cls_api.c net: sched: fix possible crash in tcf_action_destroy() 2019-09-24 16:33:57 +02:00
cls_basic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_bpf.c net: sched: refactor block offloads counter usage 2019-08-26 14:17:43 -07:00
cls_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_flow.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_flower.c net: sched: flower: don't take rtnl lock for cls hw offloads API 2019-08-26 14:17:43 -07:00
cls_fw.c net: sched: remove NET_CLS_IND config option 2019-06-15 14:06:13 -07:00
cls_matchall.c net: sched: cls_matchall: cleanup flow_action before deallocating 2019-08-30 15:12:05 -07:00
cls_route.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp6.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_tcindex.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
cls_u32.c net: sched: refactor block offloads counter usage 2019-08-26 14:17:43 -07:00
em_canid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 11 2019-05-21 11:28:45 +02:00
em_cmp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_ipset.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
em_ipt.c net: sched: em_ipt: add support for addrtype matching 2019-06-29 11:15:12 -07:00
em_meta.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_nbyte.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_text.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_u32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ematch.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
Kconfig net: openvswitch: Set OvS recirc_id from tc chain index 2019-09-06 14:59:18 +02:00
Makefile net/sched: Introduce action ct 2019-07-09 12:11:59 -07:00
sch_api.c net_sched: add max len check for TCA_KIND 2019-09-21 19:18:51 -07:00
sch_atm.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
sch_blackhole.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_cake.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
sch_cbq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_cbs.c net/sched: cbs: remove redundant assignment to variable port_rate 2019-09-05 09:37:02 +02:00
sch_choke.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_codel.c net: sched: Fix a possible null-pointer dereference in dequeue_func() 2019-07-29 09:46:58 -07:00
sch_drr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_dsmark.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
sch_etf.c etf: Add skip_sock_check 2019-06-28 14:45:33 -07:00
sch_fifo.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_fq_codel.c fq_codel: remove set but not used variables 'prev_ecn_mark' and 'prev_drop_count' 2019-08-08 22:32:19 -07:00
sch_fq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_generic.c net_sched: let qdisc_put() accept NULL pointer 2019-09-15 20:54:14 +02:00
sch_gred.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_hfsc.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
sch_hhf.c sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero 2019-09-10 18:31:00 +01:00
sch_htb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_ingress.c net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_* 2019-07-09 14:38:50 -07:00
sch_mq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_mqprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_multiq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201 2019-05-30 11:29:52 -07:00
sch_netem.c sch_netem: fix a divide by zero in tabledist() 2019-09-20 19:12:22 -07:00
sch_pie.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 235 2019-06-19 17:09:07 +02:00
sch_plug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_prio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_qfq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_red.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_sfb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_sfq.c net_sched: unset TCQ_F_CAN_BYPASS when adding filters 2019-07-17 13:34:09 -07:00
sch_skbprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_taprio.c taprio: Add support for hardware offloading 2019-09-16 21:32:57 +02:00
sch_tbf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_teql.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00