From patchwork Sat Oct 28 05:08:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 831574 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="SyFwTTRK"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yP81Q1ccnz9t31 for ; Sat, 28 Oct 2017 16:09:29 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751167AbdJ1FJV (ORCPT ); Sat, 28 Oct 2017 01:09:21 -0400 Received: from mail-pg0-f67.google.com ([74.125.83.67]:52733 "EHLO mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750788AbdJ1FJT (ORCPT ); Sat, 28 Oct 2017 01:09:19 -0400 Received: by mail-pg0-f67.google.com with SMTP id a192so6739392pge.9 for ; Fri, 27 Oct 2017 22:09:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=hiROQEHmpkI2HhNujKOQgGwcDEs3C+FQE41i3pI1uGc=; b=SyFwTTRKg7nHTb0GVUmW1IeyaOXRCYxHxoeNQkUFiXTgDVSPzPZlb1SMWEcM+ZC5Sz j4R20ohF8aGwIADjAuJKKiUvlSysLT4u6VbqabGm6dnREmCRCokNhqrPhTe1awUBsM4d CttBKZeMLyB0z9VruQ1e5Hks/rWjYj+BmVQ7Q6ImBcyB+jSoMJNZVNapxtrO1d7JhRyJ Qgv534UydgalkJZquoQ9wHnf1W/NoDRDfOPZuHpdhv3Dp4vTJeO39nZUVM//IwqKyzXM y/+WemHfFSuHbkVWGAtQ0YBdC4TFYYc4LdU26E37n3S5pOHdy0W+y6xCup2jNCRMvUdM T/nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=hiROQEHmpkI2HhNujKOQgGwcDEs3C+FQE41i3pI1uGc=; b=fRKpbW1uSc2RxY2/3SS7AdYEBpcDdsR+y84AXpnf3aMC1c+VblQ9EOFrwt1s/gkhH/ oYEy4UH5aChz7OAG2txjfKwSZZg5juAGaUt88lFibEe541J0g5x4/N/mUxVbaad/fH0p EeZq8D5w/lv2B9qf1vSVjvVgNsfc9gCPBIwKQWVSZRFNYfK00qvPkSnby7iDXRxYwfQK ip9+lds4GgXNLDbAzy/kJyZstMT6y+uIeutFLLZSb1Lnd+rzP3MDFTgWZbQbkWQCEXU1 BFs962S4wjtA1U14YYRc0poAbP+gnRClBxRn3m364xFOAOg//ELSSLVmc6/znGuqkIpt S1VA== X-Gm-Message-State: AMCzsaUJgnvNc1Lpgzv2I62YHZLt0Ssy1QasNRpJ9nTHE5DR3zqOa27Z Rzm41Q26pLgssnttLaPokuf2BWKO X-Google-Smtp-Source: ABhQp+SRS4aNL7w8MBIWfiAP9qChiKXrv8L4xkr5K5HJgLmjytA8N5AK0knp9hW29SQccxqVL8mbqw== X-Received: by 10.98.236.220 with SMTP id e89mr2481156pfm.219.1509167359201; Fri, 27 Oct 2017 22:09:19 -0700 (PDT) Received: from tw-172-25-30-113.office.twttr.net ([8.25.197.25]) by smtp.gmail.com with ESMTPSA id m78sm18437665pfj.164.2017.10.27.22.09.17 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 27 Oct 2017 22:09:18 -0700 (PDT) From: Cong Wang To: netdev@vger.kernel.org Cc: dcaratti@redhat.com, Cong Wang , Jiri Kosina , Eric Dumazet , Jamal Hadi Salim Subject: [Patch net] net_sched: avoid matching qdisc with zero handle Date: Fri, 27 Oct 2017 22:08:56 -0700 Message-Id: <20171028050856.18393-1-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.9.4 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Davide found the following script triggers a NULL pointer dereference: ip l a name eth0 type dummy tc q a dev eth0 parent :1 handle 1: htb This is because for a freshly created netdevice noop_qdisc is attached and when passing 'parent :1', kernel actually tries to match the major handle which is 0 and noop_qdisc has handle 0 so is matched by mistake. Commit 69012ae425d7 tries to fix a similar bug but still misses this case. Handle 0 is not a valid one, should be just skipped. In fact, kernel uses it as TC_H_UNSPEC. Fixes: 69012ae425d7 ("net: sched: fix handling of singleton qdiscs with qdisc_hash") Fixes: 59cc1f61f09c ("net: sched:convert qdisc linked list to hashtable") Reported-by: Davide Caratti Cc: Jiri Kosina Cc: Eric Dumazet Cc: Jamal Hadi Salim Signed-off-by: Cong Wang --- net/sched/sch_api.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c index c6deb74e3d2f..22bc6fc48311 100644 --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c @@ -301,6 +301,8 @@ struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle) { struct Qdisc *q; + if (!handle) + return NULL; q = qdisc_match_from_root(dev->qdisc, handle); if (q) goto out;