forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net/sched
History
Xin Long 248af6aa22 net: sched: fix NULL pointer dereference when action calls some targets 
[ Upstream commit 4f8a881acc ]

As we know in some target's checkentry it may dereference par.entryinfo
to check entry stuff inside. But when sched action calls xt_check_target,
par.entryinfo is set with NULL. It would cause kernel panic when calling
some targets.

It can be reproduce with:
  # tc qd add dev eth1 ingress handle ffff:
  # tc filter add dev eth1 parent ffff: u32 match u32 0 0 action xt \
    -j ECN --ecn-tcp-remove

It could also crash kernel when using target CLUSTERIP or TPROXY.

By now there's no proper value for par.entryinfo in ipt_init_target,
but it can not be set with NULL. This patch is to void all these
panics by setting it with an ipt_entry obj with all members = 0.

Note that this issue has been there since the very beginning.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-08-30 10:19:21 +02:00
..
act_api.c net sched actions: decrement module reference count after table flush. 2017-03-22 12:04:18 +01:00
act_bpf.c bpf: add bpf_redirect() helper 2015-09-17 21:09:07 -07:00
act_connmark.c act_connmark: avoid crashing on malformed nlattrs with null parms 2017-03-22 12:04:16 +01:00
act_csum.c bpf: try harder on clones when writing into skb 2016-07-11 09:31:12 -07:00
act_gact.c net_sched: act_gact: remove spinlock in fast path 2015-07-08 13:50:42 -07:00
act_ipt.c net: sched: fix NULL pointer dereference when action calls some targets 2017-08-30 10:19:21 +02:00
act_mirred.c net_sched: close another race condition in tcf_mirred_release() 2017-05-02 21:19:49 -07:00
act_nat.c bpf: try harder on clones when writing into skb 2016-07-11 09:31:12 -07:00
act_pedit.c net/sched: pedit: make sure that offset is valid 2016-12-10 19:07:23 +01:00
act_police.c sched: fix act file names in header comment 2014-11-06 15:04:41 -05:00
act_simple.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_skbedit.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_vlan.c net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions 2016-11-15 07:46:37 +01:00
cls_api.c net, sched: fix soft lockup in tc_classify 2017-01-15 13:41:34 +01:00
cls_basic.c net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_bpf.c net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_cgroup.c net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_flow.c net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_flower.c net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_fw.c net: revert "net_sched: move tp->root allocation into fw_init()" 2015-09-24 14:33:30 -07:00
cls_route.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_rsvp.c
cls_rsvp.h net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_rsvp6.c
cls_tcindex.c net, sched: respect rcu grace period on cls destruction 2016-12-10 19:07:23 +01:00
cls_u32.c cls_u32: complete the check for non-forced case in u32_destroy() 2015-08-25 17:02:48 -07:00
em_canid.c net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
em_cmp.c
em_ipset.c netfilter: x_tables: Pass struct net in xt_action_param 2015-09-18 21:58:14 +02:00
em_meta.c net_sched: em_meta: use skb_to_full_sk() helper 2015-11-08 20:56:39 -05:00
em_nbyte.c net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
em_text.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
em_u32.c
ematch.c ematch: Fix auto-loading of ematch modules. 2015-02-20 15:30:56 -05:00
Kconfig net: add CONFIG_NET_INGRESS to enable ingress filtering 2015-05-14 01:10:05 -04:00
Makefile tc: introduce Flower classifier 2015-05-13 15:19:48 -04:00
sch_api.c net: sched: Fix one possible panic when no destroy callback 2017-07-21 07:44:54 +02:00
sch_atm.c net: sched: consolidate tc_classify{,_compat} 2015-08-27 14:18:48 -07:00
sch_blackhole.c net/sched: make sch_blackhole.c explicitly non-modular 2015-10-09 07:52:28 -07:00
sch_cbq.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_choke.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_codel.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_drr.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_dsmark.c sch_dsmark: update backlog as well 2016-05-18 17:06:39 -07:00
sch_fifo.c net_sched: fix pfifo_head_drop behavior vs backlog 2016-07-11 09:31:11 -07:00
sch_fq.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_fq_codel.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_generic.c net: sched: do not requeue a NULL skb 2016-05-18 17:06:35 -07:00
sch_gred.c net: sched: drop all special handling of tx_queue_len == 0 2015-08-18 11:55:08 -07:00
sch_hfsc.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_hhf.c net_sched: fix error recovery at qdisc creation 2017-07-21 07:44:54 +02:00
sch_htb.c sch_htb: update backlog as well 2016-05-18 17:06:39 -07:00
sch_ingress.c net: sched: further simplify handle_ing 2015-05-11 11:10:35 -04:00
sch_mq.c net_sched: fix error recovery at qdisc creation 2017-07-21 07:44:54 +02:00
sch_mqprio.c net_sched: fix error recovery at qdisc creation 2017-07-21 07:44:54 +02:00
sch_multiq.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_netem.c netem: fix a use after free 2016-07-11 09:31:11 -07:00
sch_pie.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_plug.c net: sched: drop all special handling of tx_queue_len == 0 2015-08-18 11:55:08 -07:00
sch_prio.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_qfq.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_red.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_sfb.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_sfq.c net_sched/sfq: update hierarchical backlog when drop packet 2017-08-30 10:19:19 +02:00
sch_tbf.c net_sched: update hierarchical backlog too 2016-05-18 17:06:39 -07:00
sch_teql.c net: sched: fix skb->protocol use in case of accelerated vlan path 2015-01-13 17:51:08 -05:00