diff mbox series

[net,v2] net/sched: cls_api: Initialize miss_cookie_node when action miss is not used

Message ID 20230420183634.1139391-1-ivecera@redhat.com (mailing list archive)
State Accepted
Commit 2cc8a008d62f3c04eeb7ec6fe59e542802bb8df3
Delegated to: Netdev Maintainers
Headers show
Series [net,v2] net/sched: cls_api: Initialize miss_cookie_node when action miss is not used | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 27 this patch: 27
netdev/cc_maintainers fail 1 blamed authors not CCed: paulb@nvidia.com; 1 maintainers not CCed: paulb@nvidia.com
netdev/build_clang success Errors and warnings before: 18 this patch: 18
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 27 this patch: 27
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 7 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Ivan Vecera April 20, 2023, 6:36 p.m. UTC 
Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only
when use_action_miss is true so it assumes in other case that
the field is set to NULL by the caller. If not then the field
contains garbage and subsequent tcf_exts_destroy() call results
in a crash.
Ensure that the field .miss_cookie_node pointer is NULL when
use_action_miss parameter is false to avoid this potential scenario.

Fixes: 80cd22c35c90 ("net/sched: cls_api: Support hardware miss to tc action")
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
---
 net/sched/cls_api.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Pedro Tammela April 20, 2023, 6:41 p.m. UTC | #1 
On 20/04/2023 15:36, Ivan Vecera wrote:
> Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only
> when use_action_miss is true so it assumes in other case that
> the field is set to NULL by the caller. If not then the field
> contains garbage and subsequent tcf_exts_destroy() call results
> in a crash.
> Ensure that the field .miss_cookie_node pointer is NULL when
> use_action_miss parameter is false to avoid this potential scenario.
> 
> Fixes: 80cd22c35c90 ("net/sched: cls_api: Support hardware miss to tc action")
> Signed-off-by: Ivan Vecera <ivecera@redhat.com>
> ---
>   net/sched/cls_api.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> index 35785a36c80298..3c3629c9e7b65c 100644
> --- a/net/sched/cls_api.c
> +++ b/net/sched/cls_api.c
> @@ -3211,6 +3211,7 @@ int tcf_exts_init_ex(struct tcf_exts *exts, struct net *net, int action,
>   #ifdef CONFIG_NET_CLS_ACT
>   	exts->type = 0;
>   	exts->nr_actions = 0;
> +	exts->miss_cookie_node = NULL;
>   	/* Note: we do not own yet a reference on net.
>   	 * This reference might be taken later from tcf_exts_get_net().
>   	 */

Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Simon Horman April 21, 2023, 9:09 a.m. UTC | #2 
On Thu, Apr 20, 2023 at 03:41:17PM -0300, Pedro Tammela wrote:
> On 20/04/2023 15:36, Ivan Vecera wrote:
> > Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only
> > when use_action_miss is true so it assumes in other case that
> > the field is set to NULL by the caller. If not then the field
> > contains garbage and subsequent tcf_exts_destroy() call results
> > in a crash.
> > Ensure that the field .miss_cookie_node pointer is NULL when
> > use_action_miss parameter is false to avoid this potential scenario.
> > 
> > Fixes: 80cd22c35c90 ("net/sched: cls_api: Support hardware miss to tc action")
> > Signed-off-by: Ivan Vecera <ivecera@redhat.com>
> > ---
> >   net/sched/cls_api.c | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
> > index 35785a36c80298..3c3629c9e7b65c 100644
> > --- a/net/sched/cls_api.c
> > +++ b/net/sched/cls_api.c
> > @@ -3211,6 +3211,7 @@ int tcf_exts_init_ex(struct tcf_exts *exts, struct net *net, int action,
> >   #ifdef CONFIG_NET_CLS_ACT
> >   	exts->type = 0;
> >   	exts->nr_actions = 0;
> > +	exts->miss_cookie_node = NULL;
> >   	/* Note: we do not own yet a reference on net.
> >   	 * This reference might be taken later from tcf_exts_get_net().
> >   	 */
> 
> Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>

Reviewed-by: Simon Horman <simon.horman@corigine.com>
patchwork-bot+netdevbpf@kernel.org April 22, 2023, 3:40 a.m. UTC | #3 
Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 20 Apr 2023 20:36:33 +0200 you wrote:
> Function tcf_exts_init_ex() sets exts->miss_cookie_node ptr only
> when use_action_miss is true so it assumes in other case that
> the field is set to NULL by the caller. If not then the field
> contains garbage and subsequent tcf_exts_destroy() call results
> in a crash.
> Ensure that the field .miss_cookie_node pointer is NULL when
> use_action_miss parameter is false to avoid this potential scenario.
> 
> [...]

Here is the summary with links:
  - [net,v2] net/sched: cls_api: Initialize miss_cookie_node when action miss is not used
    https://git.kernel.org/netdev/net/c/2cc8a008d62f

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 35785a36c80298..3c3629c9e7b65c 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -3211,6 +3211,7 @@  int tcf_exts_init_ex(struct tcf_exts *exts, struct net *net, int action,
 #ifdef CONFIG_NET_CLS_ACT
 	exts->type = 0;
 	exts->nr_actions = 0;
+	exts->miss_cookie_node = NULL;
 	/* Note: we do not own yet a reference on net.
 	 * This reference might be taken later from tcf_exts_get_net().
 	 */