From patchwork Fri Feb 15 23:06:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Davide Caratti X-Patchwork-Id: 1043277 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 441TRX618Bz9sML for ; Sat, 16 Feb 2019 10:07:04 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2394306AbfBOXHD (ORCPT ); Fri, 15 Feb 2019 18:07:03 -0500 Received: from mx1.redhat.com ([209.132.183.28]:55714 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2393969AbfBOXHD (ORCPT ); Fri, 15 Feb 2019 18:07:03 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CDF98C04AC51; Fri, 15 Feb 2019 23:07:02 +0000 (UTC) Received: from new-host.redhat.com (ovpn-204-38.brq.redhat.com [10.40.204.38]) by smtp.corp.redhat.com (Postfix) with ESMTP id EB01060C69; Fri, 15 Feb 2019 23:07:00 +0000 (UTC) From: Davide Caratti To: Jamal Hadi Salim , Cong Wang , Jiri Pirko Cc: "David S. Miller" , Vlad Buslov , Paolo Abeni , netdev@vger.kernel.org Subject: [PATCH RFC 4/5] net/sched: act_csum: validate the control action inside init() Date: Sat, 16 Feb 2019 00:06:30 +0100 Message-Id: <6a7083d426719911ffb2e7b13c573496d9a90f67.1550271080.git.dcaratti@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Fri, 15 Feb 2019 23:07:02 +0000 (UTC) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Don't overwrite act_csum data if the control control action is not valid, to prevent loosing the previous configuration in case validation failed. Not doing that caused NULL dereference in the data path if 'goto chain' is used. Tested with: # ./tdc.py -c csum Fixes: db50514f9a9c ("net: sched: add termination action to allow goto chain") Fixes: 97763dc0f401 ("net_sched: reject unknown tcfa_action values") Signed-off-by: Davide Caratti --- net/sched/act_csum.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/net/sched/act_csum.c b/net/sched/act_csum.c index 1ae120c9ab02..bf0940156886 100644 --- a/net/sched/act_csum.c +++ b/net/sched/act_csum.c @@ -33,6 +33,7 @@ #include #include +#include #include #include @@ -52,6 +53,7 @@ static int tcf_csum_init(struct net *net, struct nlattr *nla, struct tc_action_net *tn = net_generic(net, csum_net_id); struct tcf_csum_params *params_new; struct nlattr *tb[TCA_CSUM_MAX + 1]; + struct tcf_chain *newchain = NULL; struct tc_csum *parm; struct tcf_csum *p; int ret = 0, err; @@ -87,17 +89,23 @@ static int tcf_csum_init(struct net *net, struct nlattr *nla, return err; } + err = tcf_action_check_ctrlact(parm->action, tp, &newchain, extack); + if (unlikely(err)) { + ret = err; + goto error; + } + p = to_tcf_csum(*a); params_new = kzalloc(sizeof(*params_new), GFP_KERNEL); if (unlikely(!params_new)) { - tcf_idr_release(*a, bind); - return -ENOMEM; + ret = -ENOMEM; + goto error; } params_new->update_flags = parm->update_flags; spin_lock_bh(&p->tcf_lock); - p->tcf_action = parm->action; + tcf_action_set_ctrlact(*a, parm->action, newchain); rcu_swap_protected(p->params, params_new, lockdep_is_held(&p->tcf_lock)); spin_unlock_bh(&p->tcf_lock); @@ -108,7 +116,13 @@ static int tcf_csum_init(struct net *net, struct nlattr *nla, if (ret == ACT_P_CREATED) tcf_idr_insert(tn, *a); +end: return ret; +error: + if (newchain) + tcf_chain_put_by_act(newchain); + tcf_idr_release(*a, bind); + goto end; } /**