| Message ID | 20230914185405.2399005-1-cascardo@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Mantic] net/sched: sch_hfsc: Ensure inner classes have fsc curve | expand |
On 9/14/23 12:54 PM, Thadeu Lima de Souza Cascardo wrote: > From: Budimir Markovic <markovicbudimir@gmail.com> > > HFSC assumes that inner classes have an fsc curve, but it is currently > possible for classes without an fsc curve to become parents. This leads > to bugs including a use-after-free. > > Don't allow non-root classes without HFSC_FSC to become parents. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Reported-by: Budimir Markovic <markovicbudimir@gmail.com> > Signed-off-by: Budimir Markovic <markovicbudimir@gmail.com> > Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> > Link: https://lore.kernel.org/r/20230824084905.422-1-markovicbudimir@gmail.com > Signed-off-by: Jakub Kicinski <kuba@kernel.org> > (cherry picked from commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f) > CVE-2023-4623 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > net/sched/sch_hfsc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c > index 70b0c5873d32..61d52594ff6d 100644 > --- a/net/sched/sch_hfsc.c > +++ b/net/sched/sch_hfsc.c > @@ -1012,6 +1012,10 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid, > if (parent == NULL) > return -ENOENT; > } > + if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) { > + NL_SET_ERR_MSG(extack, "Invalid parent - parent class must have FSC"); > + return -EINVAL; > + } > > if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0) > return -EINVAL; Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 14/09/2023 20:54, Thadeu Lima de Souza Cascardo wrote: > From: Budimir Markovic <markovicbudimir@gmail.com> > > HFSC assumes that inner classes have an fsc curve, but it is currently > possible for classes without an fsc curve to become parents. This leads > to bugs including a use-after-free. > > Don't allow non-root classes without HFSC_FSC to become parents. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Reported-by: Budimir Markovic <markovicbudimir@gmail.com> > Signed-off-by: Budimir Markovic <markovicbudimir@gmail.com> > Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> > Link: https://lore.kernel.org/r/20230824084905.422-1-markovicbudimir@gmail.com > Signed-off-by: Jakub Kicinski <kuba@kernel.org> > (cherry picked from commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f) > CVE-2023-4623 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > net/sched/sch_hfsc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c > index 70b0c5873d32..61d52594ff6d 100644 > --- a/net/sched/sch_hfsc.c > +++ b/net/sched/sch_hfsc.c > @@ -1012,6 +1012,10 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid, > if (parent == NULL) > return -ENOENT; > } > + if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) { > + NL_SET_ERR_MSG(extack, "Invalid parent - parent class must have FSC"); > + return -EINVAL; > + } > > if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0) > return -EINVAL; Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On 14.09.23 20:54, Thadeu Lima de Souza Cascardo wrote: > From: Budimir Markovic <markovicbudimir@gmail.com> > > HFSC assumes that inner classes have an fsc curve, but it is currently > possible for classes without an fsc curve to become parents. This leads > to bugs including a use-after-free. > > Don't allow non-root classes without HFSC_FSC to become parents. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Reported-by: Budimir Markovic <markovicbudimir@gmail.com> > Signed-off-by: Budimir Markovic <markovicbudimir@gmail.com> > Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> > Link: https://lore.kernel.org/r/20230824084905.422-1-markovicbudimir@gmail.com > Signed-off-by: Jakub Kicinski <kuba@kernel.org> > (cherry picked from commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f) > CVE-2023-4623 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> This was already applied to mantic and included in Ubuntu-6.5.0-6.6 (-proposed). > --- > net/sched/sch_hfsc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c > index 70b0c5873d32..61d52594ff6d 100644 > --- a/net/sched/sch_hfsc.c > +++ b/net/sched/sch_hfsc.c > @@ -1012,6 +1012,10 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid, > if (parent == NULL) > return -ENOENT; > } > + if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) { > + NL_SET_ERR_MSG(extack, "Invalid parent - parent class must have FSC"); > + return -EINVAL; > + } > > if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0) > return -EINVAL;
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c index 70b0c5873d32..61d52594ff6d 100644 --- a/net/sched/sch_hfsc.c +++ b/net/sched/sch_hfsc.c @@ -1012,6 +1012,10 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid, if (parent == NULL) return -ENOENT; } + if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) { + NL_SET_ERR_MSG(extack, "Invalid parent - parent class must have FSC"); + return -EINVAL; + } if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0) return -EINVAL;