From patchwork Sat Oct 14 00:25:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinicius Costa Gomes X-Patchwork-Id: 825767 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=osuosl.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=intel-wired-lan-bounces@osuosl.org; receiver=) Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yDQNd1MzPz9t2f for ; Sat, 14 Oct 2017 11:25:52 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 73F2987820; Sat, 14 Oct 2017 00:25:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IqId9d_lsPAH; Sat, 14 Oct 2017 00:25:50 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id DC71B87737; Sat, 14 Oct 2017 00:25:50 +0000 (UTC) X-Original-To: intel-wired-lan@lists.osuosl.org Delivered-To: intel-wired-lan@lists.osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 4A37F1C0DA7 for ; Sat, 14 Oct 2017 00:25:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 42E87877C4 for ; Sat, 14 Oct 2017 00:25:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CdWcdQycW_YG for ; Sat, 14 Oct 2017 00:25:44 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 2012C87719 for ; Sat, 14 Oct 2017 00:25:44 +0000 (UTC) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga104.jf.intel.com with ESMTP; 13 Oct 2017 17:25:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,373,1503385200"; d="scan'208";a="909809252" Received: from ellie.jf.intel.com (HELO localhost.localdomain) ([10.24.12.248]) by FMSMGA003.fm.intel.com with ESMTP; 13 Oct 2017 17:25:42 -0700 From: Vinicius Costa Gomes To: netdev@vger.kernel.org, intel-wired-lan@lists.osuosl.org Date: Fri, 13 Oct 2017 17:25:29 -0700 Message-Id: <20171014002534.19896-2-vinicius.gomes@intel.com> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20171014002534.19896-1-vinicius.gomes@intel.com> References: <20171014002534.19896-1-vinicius.gomes@intel.com> Cc: rodney.cummings@ni.com, andre.guedes@intel.com, jiri@resnulli.us, ivan.briano@intel.com, richardcochran@gmail.com, henrik@austad.us, jhs@mojatatu.com, levipearson@gmail.com, boon.leong.ong@intel.com, xiyou.wangcong@gmail.com, Jesus Sanchez-Palencia Subject: [Intel-wired-lan] [next-queue PATCH v8 1/6] net/sched: Check for null dev_queue on create flow X-BeenThere: intel-wired-lan@osuosl.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Intel Wired Ethernet Linux Kernel Driver Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: intel-wired-lan-bounces@osuosl.org Sender: "Intel-wired-lan" From: Jesus Sanchez-Palencia In qdisc_alloc() the dev_queue pointer was used without any checks being performed. If qdisc_create() gets a null dev_queue pointer, it just passes it along to qdisc_alloc(), leading to a crash. That happens if a root qdisc implements select_queue() and returns a null dev_queue pointer for an "invalid handle", for example, or if the dev_queue associated with the parent qdisc is null. This patch is in preparation for the next in this series, where select_queue() is being added to mqprio and as it may return a null dev_queue. Signed-off-by: Jesus Sanchez-Palencia --- net/sched/sch_generic.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c index a0a198768aad..de2408f1ccd3 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -603,8 +603,14 @@ struct Qdisc *qdisc_alloc(struct netdev_queue *dev_queue, struct Qdisc *sch; unsigned int size = QDISC_ALIGN(sizeof(*sch)) + ops->priv_size; int err = -ENOBUFS; - struct net_device *dev = dev_queue->dev; + struct net_device *dev; + + if (!dev_queue) { + err = -EINVAL; + goto errout; + } + dev = dev_queue->dev; p = kzalloc_node(size, GFP_KERNEL, netdev_queue_numa_node_read(dev_queue));