| Message ID | c2f076b0758b8cd997574b45c2abe064e28aca74.1540070509.git.dcaratti@redhat.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | net/sched: forbid 'goto_chain' on fallback actions | expand |
On Sat, Oct 20, 2018 at 2:33 PM Davide Caratti <dcaratti@redhat.com> wrote: > > in the following command: > > # tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2> > > 'goto chain x' is allowed only for c1: setting it for c2 makes the kernel > crash with NULL pointer dereference, since TC core doesn't initialize the > chain handle. > > Signed-off-by: Davide Caratti <dcaratti@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Sat, Oct 20, 2018 at 11:33:08PM CEST, dcaratti@redhat.com wrote: >in the following command: > > # tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2> > >'goto chain x' is allowed only for c1: setting it for c2 makes the kernel >crash with NULL pointer dereference, since TC core doesn't initialize the >chain handle. > >Signed-off-by: Davide Caratti <dcaratti@redhat.com> >--- > net/sched/act_police.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > >diff --git a/net/sched/act_police.c b/net/sched/act_police.c >index 5d8bfa878477..3b793393efd1 100644 >--- a/net/sched/act_police.c >+++ b/net/sched/act_police.c >@@ -150,6 +150,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, > goto failure; > } > >+ if (tb[TCA_POLICE_RESULT]) { >+ police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); >+ if (TC_ACT_EXT_CMP(police->tcfp_result, TC_ACT_GOTO_CHAIN)) { >+ NL_SET_ERR_MSG(extack, >+ "goto chain not allowed on fallback"); Also, no need for line-wrap Acked-by: Jiri Pirko <jiri@mellanox.com> >+ err = -EINVAL; >+ goto failure; >+ } >+ } >+ > spin_lock_bh(&police->tcf_lock); > /* No failure allowed after this point */ > police->tcfp_mtu = parm->mtu; >@@ -173,8 +183,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, > police->peak_present = false; > } > >- if (tb[TCA_POLICE_RESULT]) >- police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); > police->tcfp_burst = PSCHED_TICKS2NS(parm->burst); > police->tcfp_toks = police->tcfp_burst; > if (police->peak_present) { >-- >2.17.1 >
diff --git a/net/sched/act_police.c b/net/sched/act_police.c index 5d8bfa878477..3b793393efd1 100644 --- a/net/sched/act_police.c +++ b/net/sched/act_police.c @@ -150,6 +150,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, goto failure; } + if (tb[TCA_POLICE_RESULT]) { + police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); + if (TC_ACT_EXT_CMP(police->tcfp_result, TC_ACT_GOTO_CHAIN)) { + NL_SET_ERR_MSG(extack, + "goto chain not allowed on fallback"); + err = -EINVAL; + goto failure; + } + } + spin_lock_bh(&police->tcf_lock); /* No failure allowed after this point */ police->tcfp_mtu = parm->mtu; @@ -173,8 +183,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, police->peak_present = false; } - if (tb[TCA_POLICE_RESULT]) - police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); police->tcfp_burst = PSCHED_TICKS2NS(parm->burst); police->tcfp_toks = police->tcfp_burst; if (police->peak_present) {
in the following command: # tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2> 'goto chain x' is allowed only for c1: setting it for c2 makes the kernel crash with NULL pointer dereference, since TC core doesn't initialize the chain handle. Signed-off-by: Davide Caratti <dcaratti@redhat.com> --- net/sched/act_police.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)