leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fae2708174
linux/net/sched
History
Davide Caratti fae2708174 net/sched: act_sample: fix divide by zero in the traffic path 
the control path of 'sample' action does not validate the value of 'rate'
provided by the user, but then it uses it as divisor in the traffic path.
Validate it in tcf_sample_init(), and return -EINVAL with a proper extack
message in case that value is zero, to fix a splat with the script below:

 # tc f a dev test0 egress matchall action sample rate 0 group 1 index 2
 # tc -s a s action sample
 total acts 1

         action order 0: sample rate 1/0 group 1 pipe
          index 2 ref 1 bind 1 installed 19 sec used 19 sec
         Action statistics:
         Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
         backlog 0b 0p requeues 0
 # ping 192.0.2.1 -I test0 -c1 -q

 divide error: 0000 [#1] SMP PTI
 CPU: 1 PID: 6192 Comm: ping Not tainted 5.1.0-rc2.diag2+ #591
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 RIP: 0010:tcf_sample_act+0x9e/0x1e0 [act_sample]
 Code: 6a f1 85 c0 74 0d 80 3d 83 1a 00 00 00 0f 84 9c 00 00 00 4d 85 e4 0f 84 85 00 00 00 e8 9b d7 9c f1 44 8b 8b e0 00 00 00 31 d2 <41> f7 f1 85 d2 75 70 f6 85 83 00 00 00 10 48 8b 45 10 8b 88 08 01
 RSP: 0018:ffffae320190ba30 EFLAGS: 00010246
 RAX: 00000000b0677d21 RBX: ffff8af1ed9ec000 RCX: 0000000059a9fe49
 RDX: 0000000000000000 RSI: 000000000c7e33b7 RDI: ffff8af23daa0af0
 RBP: ffff8af1ee11b200 R08: 0000000074fcaf7e R09: 0000000000000000
 R10: 0000000000000050 R11: ffffffffb3088680 R12: ffff8af232307f80
 R13: 0000000000000003 R14: ffff8af1ed9ec000 R15: 0000000000000000
 FS:  00007fe9c6d2f740(0000) GS:ffff8af23da80000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007fff6772f000 CR3: 00000000746a2004 CR4: 00000000001606e0
 Call Trace:
  tcf_action_exec+0x7c/0x1c0
  tcf_classify+0x57/0x160
  __dev_queue_xmit+0x3dc/0xd10
  ip_finish_output2+0x257/0x6d0
  ip_output+0x75/0x280
  ip_send_skb+0x15/0x40
  raw_sendmsg+0xae3/0x1410
  sock_sendmsg+0x36/0x40
  __sys_sendto+0x10e/0x140
  __x64_sys_sendto+0x24/0x30
  do_syscall_64+0x60/0x210
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
  [...]
  Kernel panic - not syncing: Fatal exception in interrupt

Add a TDC selftest to document that 'rate' is now being validated.

Reported-by: Matteo Croce <mcroce@redhat.com>
Fixes: 5c5670fae4 ("net/sched: Introduce sample tc action")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Yotam Gigi <yotam.gi@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-04 10:46:33 -07:00
..
act_api.c net/sched: let actions use RCU to access 'goto_chain' 2019-03-21 13:26:42 -07:00
act_bpf.c net/sched: act_bpf: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_connmark.c net/sched: act_connmark: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_csum.c net/sched: act_csum: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_gact.c net/sched: act_gact: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_ife.c net/sched: act_ife: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_ipt.c net/sched: prepare TC actions to properly validate the control action 2019-03-21 13:26:41 -07:00
act_meta_mark.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
act_meta_skbprio.c
act_meta_skbtcindex.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
act_mirred.c net: sched: fix cleanup NULL pointer exception in act_mirr 2019-03-23 21:36:04 -04:00
act_nat.c net/sched: act_nat: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_pedit.c net/sched: act_pedit: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_police.c net/sched: act_police: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_sample.c net/sched: act_sample: fix divide by zero in the traffic path 2019-04-04 10:46:33 -07:00
act_simple.c net/sched: act_simple: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_skbedit.c net/sched: act_skbedit: validate the control action inside init() 2019-03-21 13:26:41 -07:00
act_skbmod.c net/sched: act_skbmod: validate the control action inside init() 2019-03-21 13:26:42 -07:00
act_tunnel_key.c net/sched: act_tunnel_key: validate the control action inside init() 2019-03-21 13:26:42 -07:00
act_vlan.c net/sched: act_vlan: validate the control action inside init() 2019-03-21 13:26:42 -07:00
cls_api.c net/sched: let actions use RCU to access 'goto_chain' 2019-03-21 13:26:42 -07:00
cls_basic.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_bpf.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_cgroup.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_flow.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_flower.c net: sched: flower: insert new filter to idr after setting its mask 2019-03-06 10:52:16 -08:00
cls_fw.c Revert "net: sched: fw: don't set arg->stop in fw_walk() when empty" 2019-02-27 10:12:19 -08:00
cls_matchall.c net/sched: fix ->get helper of the matchall cls 2019-04-01 14:13:25 -07:00
cls_route.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_tcindex.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
cls_u32.c net_sched: initialize net pointer inside tcf_exts_init() 2019-02-22 15:26:51 -08:00
em_canid.c
em_cmp.c
em_ipset.c
em_ipt.c net: sched: add em_ipt ematch for calling xtables matches 2018-02-21 13:15:33 -05:00
em_meta.c
em_nbyte.c net: sched: em_nbyte: don't add the data offset twice 2018-01-24 14:52:40 -05:00
em_text.c
em_u32.c
ematch.c
Kconfig net: sched: Kconfig: update reference link for PIE 2019-03-26 11:17:09 -07:00
Makefile tc: Add support for configuring the taprio scheduler 2018-10-04 13:52:23 -07:00
sch_api.c net_sched: return correct value for *notify* functions 2019-03-13 13:48:27 -07:00
sch_atm.c net: sched: rename qdisc_destroy() to qdisc_put() 2018-09-25 20:17:35 -07:00
sch_blackhole.c net_sched: blackhole: tell upper qdisc about dropped packets 2018-06-17 08:42:33 +09:00
sch_cake.c sch_cake: Interpret fwmark parameter as a bitmask 2019-03-15 11:57:14 -07:00
sch_cbq.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_cbs.c sched: Avoid dereferencing skb pointer after child enqueue 2019-01-15 20:12:00 -08:00
sch_choke.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_codel.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_drr.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_dsmark.c sched: Avoid dereferencing skb pointer after child enqueue 2019-01-15 20:12:00 -08:00
sch_etf.c etf: Drop all expired packets 2018-11-16 20:39:34 -08:00
sch_fifo.c net: sched: rename qdisc_destroy() to qdisc_put() 2018-09-25 20:17:35 -07:00
sch_fq_codel.c net: Add and use skb_mark_not_on_list(). 2018-09-10 10:06:54 -07:00
sch_fq.c net_sched: sch_fq: avoid calling ktime_get_ns() if not needed 2018-11-20 09:51:32 -08:00
sch_generic.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-04 13:26:15 -08:00
sch_gred.c net: sched: gred: support reporting stats from offloads 2018-11-19 18:53:46 -08:00
sch_hfsc.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_hhf.c net: Add and use skb_mark_not_on_list(). 2018-09-10 10:06:54 -07:00
sch_htb.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_ingress.c net: sched: allow ingress and clsact qdiscs to share filter blocks 2018-01-17 14:53:57 -05:00
sch_mq.c net: sched: introduce and use qstats read helpers 2019-04-01 14:50:13 -07:00
sch_mqprio.c net: sched: introduce and use qstats read helpers 2019-04-01 14:50:13 -07:00
sch_multiq.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_netem.c net: netem: fix skb length BUG_ON in __skb_to_sgvec 2019-02-28 10:31:31 -08:00
sch_pie.c net: sched: pie: avoid slow division in drop probability decay 2019-02-28 10:35:41 -08:00
sch_plug.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_prio.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_qfq.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_red.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_sfb.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_sfq.c net: sch: api: add extack support in tcf_block_get 2017-12-21 12:32:51 -05:00
sch_skbprio.c net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
sch_taprio.c net: sched: introduce and use qstats read helpers 2019-04-01 14:50:13 -07:00
sch_tbf.c net: sched: introduce and use qdisc tree flush/purge helpers 2019-04-01 14:50:13 -07:00
sch_teql.c net: sched: sch: add extack for init callback 2017-12-21 12:32:50 -05:00