From patchwork Sun Sep 9 01:31:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Al Viro X-Patchwork-Id: 967680 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ZenIV.linux.org.uk Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 427DGY12sLz9s3C for ; Sun, 9 Sep 2018 11:33:41 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726639AbeIIGVW (ORCPT ); Sun, 9 Sep 2018 02:21:22 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:40852 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726152AbeIIGVW (ORCPT ); Sun, 9 Sep 2018 02:21:22 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux)) id 1fyob2-0000sK-6l; Sun, 09 Sep 2018 01:33:12 +0000 From: Al Viro To: netdev@vger.kernel.org Cc: Jamal Hadi Salim , Cong Wang , Jiri Pirko Subject: [PATCH net 03/13] net: sched: cls_u32: disallow linking to root hnode Date: Sun, 9 Sep 2018 02:31:22 +0100 Message-Id: <20180909013132.3222-4-viro@ZenIV.linux.org.uk> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20180909013132.3222-1-viro@ZenIV.linux.org.uk> References: <20180909013132.3222-1-viro@ZenIV.linux.org.uk> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Al Viro Operation makes no sense. Nothing will actually break if we do so (depth limit in u32_classify() will prevent infinite loops), but according to maintainers it's best prohibited outright. NOTE: doing so guarantees that u32_destroy() will trigger the call of u32_destroy_hnode(); we might want to make that unconditional. Test: tc qdisc add dev eth0 ingress tc filter add dev eth0 parent ffff: protocol ip prio 100 u32 \ link 800: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 6 ff should fail with Error: cls_u32: Not linking to root node Signed-off-by: Al Viro Tested-by: Jamal Hadi Salim Acked-by: Jamal Hadi Salim --- net/sched/cls_u32.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index c4782aa808c7..72459b09d910 100644 --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -797,6 +797,10 @@ static int u32_set_parms(struct net *net, struct tcf_proto *tp, NL_SET_ERR_MSG_MOD(extack, "Link hash table not found"); return -EINVAL; } + if (ht_down->is_root) { + NL_SET_ERR_MSG_MOD(extack, "Not linking to root node"); + return -EINVAL; + } ht_down->refcnt++; }