Message ID | 20230420183634.1139391-1-ivecera@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 2cc8a008d62f3c04eeb7ec6fe59e542802bb8df3 |
Delegated to: | Netdev Maintainers |
Series | [net,v2] net/sched: cls_api: Initialize miss_cookie_node when action miss is not used |
On 20/04/2023 15:36, Ivan Vecera wrote: > Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only > when use_action_miss is true so it assumes in other case that > the field is set to NULL by the caller. If not then the field > contains garbage and subsequent tcf_exts_destroy() call results > in a crash. > Ensure that the field .miss_cookie_node pointer is NULL when > use_action_miss parameter is false to avoid this potential scenario. > > Fixes: 80cd22c35c90 ("net/sched: cls_api: Support hardware miss to tc action") > Signed-off-by: Ivan Vecera <ivecera@redhat.com> > --- > net/sched/cls_api.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c > index 35785a36c80298..3c3629c9e7b65c 100644 > --- a/net/sched/cls_api.c > +++ b/net/sched/cls_api.c > @@ -3211,6 +3211,7 @@ int tcf_exts_init_ex(struct tcf_exts *exts, struct net *net, int action, > #ifdef CONFIG_NET_CLS_ACT > exts->type = 0; > exts->nr_actions = 0; > + exts->miss_cookie_node = NULL; > /* Note: we do not own yet a reference on net. > * This reference might be taken later from tcf_exts_get_net(). > */ Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
On Thu, Apr 20, 2023 at 03:41:17PM -0300, Pedro Tammela wrote: > On 20/04/2023 15:36, Ivan Vecera wrote: > > Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only > > when use_action_miss is true so it assumes in other case that > > the field is set to NULL by the caller. If not then the field > > contains garbage and subsequent tcf_exts_destroy() call results > > in a crash. > > Ensure that the field .miss_cookie_node pointer is NULL when > > use_action_miss parameter is false to avoid this potential scenario. > > > > Fixes: 80cd22c35c90 ("net/sched: cls_api: Support hardware miss to tc action") > > Signed-off-by: Ivan Vecera <ivecera@redhat.com> > > --- > > net/sched/cls_api.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c > > index 35785a36c80298..3c3629c9e7b65c 100644 > > --- a/net/sched/cls_api.c > > +++ b/net/sched/cls_api.c > > @@ -3211,6 +3211,7 @@ int tcf_exts_init_ex(struct tcf_exts *exts, struct net *net, int action, > > #ifdef CONFIG_NET_CLS_ACT > > exts->type = 0; > > exts->nr_actions = 0; > > + exts->miss_cookie_node = NULL; > > /* Note: we do not own yet a reference on net. > > * This reference might be taken later from tcf_exts_get_net(). > > */ > > Reviewed-by: Pedro Tammela <pctammela@mojatatu.com> Reviewed-by: Simon Horman <simon.horman@corigine.com>
Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 20 Apr 2023 20:36:33 +0200 you wrote:
> Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only
> when use_action_miss is true so it assumes in other case that
> the field is set to NULL by the caller. If not then the field
> contains garbage and subsequent tcf_exts_destroy() call results
> in a crash.
> Ensure that the field .miss_cookie_node pointer is NULL when
> use_action_miss parameter is false to avoid this potential scenario.
>
> [...]

Here is the summary with links:
  - [net,v2] net/sched: cls_api: Initialize miss_cookie_node when action miss is not used
    https://git.kernel.org/netdev/net/c/2cc8a008d62f

You are awesome, thank you!
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 35785a36c80298..3c3629c9e7b65c 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -3211,6 +3211,7 @@ int tcf_exts_init_ex(struct tcf_exts *exts, struct net *net, int action, #ifdef CONFIG_NET_CLS_ACT exts->type = 0; exts->nr_actions = 0; + exts->miss_cookie_node = NULL; /* Note: we do not own yet a reference on net. * This reference might be taken later from tcf_exts_get_net(). */
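Review bot: The added `exts->miss_cookie_node = NULL;` after `exts->nr_actions = 0;` covers this one pointer, but tcf_exts_init_ex() still initializes struct tcf_exts member by member, so any member added later has the same exposure whenever a caller passes memory that was not zeroed. Consider a short comment at this spot stating that the caller's memory is not assumed to be zeroed, so the next member added to the struct gets an explicit initializer here too. The commit message says the stale pointer makes a later tcf_exts_destroy() call crash but does not name the caller that passes the uninitialized struct; naming it would let the crash be reproduced and would help stable backporters judge which trees carrying 80cd22c35c90 are affected.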
Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only
when use_action_miss is true so it assumes in other case that
the field is set to NULL by the caller. If not then the field
contains garbage and subsequent tcf_exts_destroy() call results
in a crash.
Ensure that the field .miss_cookie_node pointer is NULL when
use_action_miss parameter is false to avoid this potential scenario.

Fixes: 80cd22c35c90 ("net/sched: cls_api: Support hardware miss to tc action")
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
---
 net/sched/cls_api.c | 1 +
 1 file changed, 1 insertion(+)