forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net/sched
History
Cong Wang 66ac8ee96f net_sched: fix datalen for ematch 
[ Upstream commit 61678d28d4 ]

syzbot reported an out-of-bound access in em_nbyte. As initially
analyzed by Eric, this is because em_nbyte sets its own em->datalen
in em_nbyte_change() other than the one specified by user, but this
value gets overwritten later by its caller tcf_em_validate().
We should leave em->datalen untouched to respect their choices.

I audit all the in-tree ematch users, all of those implement
->change() set em->datalen, so we can just avoid setting it twice
in this case.

Reported-and-tested-by: syzbot+5af9a90dad568aa9f611@syzkaller.appspotmail.com
Reported-by: syzbot+2f07903a5b05e7f36410@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-29 16:43:16 +01:00
..
act_api.c net: avoid potential infinite loop in tc_ctl_action() 2019-10-29 09:19:39 +01:00
act_bpf.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_connmark.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_csum.c net: sched: act_csum: Fix csum calc for tagged packets 2020-01-27 14:50:29 +01:00
act_gact.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_ife.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_ipt.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_meta_mark.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
act_meta_skbprio.c
act_meta_skbtcindex.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
act_mirred.c act_mirred: Fix mirred_init_module error handling 2020-01-27 14:51:18 +01:00
act_nat.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_pedit.c net/sched: act_pedit: fix WARN() in the traffic path 2019-12-01 09:16:06 +01:00
act_police.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_sample.c net/sched: act_sample: don't push mac header on ip6gre ingress 2019-10-05 13:09:28 +02:00
act_simple.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_skbedit.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_skbmod.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_tunnel_key.c net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key 2019-12-01 09:16:06 +01:00
act_vlan.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
cls_api.c net: sched: fix possible crash in tcf_action_destroy() 2019-10-05 13:09:30 +02:00
cls_basic.c sched: fix trailing whitespace 2018-07-24 14:10:42 -07:00
cls_bpf.c cls_bpf: Use kmemdup instead of duplicating it in cls_bpf_prog_from_ops 2018-07-29 13:19:49 -07:00
cls_cgroup.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_flow.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_flower.c net: sched: flower: insert new filter to idr after setting its mask 2019-03-19 13:12:41 +01:00
cls_fw.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_matchall.c net/sched: fix ->get helper of the matchall cls 2019-04-17 08:38:41 +02:00
cls_route.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_rsvp.c
cls_rsvp.h net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_rsvp6.c
cls_tcindex.c net_sched: fix two more memory leaks in cls_tcindex 2019-02-27 10:08:59 +01:00
cls_u32.c net: sched: cls_u32: fix hnode refcounting 2018-10-07 21:02:37 -07:00
em_canid.c
em_cmp.c
em_ipset.c
em_ipt.c net: sched: add em_ipt ematch for calling xtables matches 2018-02-21 13:15:33 -05:00
em_meta.c
em_nbyte.c net: sched: em_nbyte: don't add the data offset twice 2018-01-24 14:52:40 -05:00
em_text.c
em_u32.c
ematch.c net_sched: fix datalen for ematch 2020-01-29 16:43:16 +01:00
Kconfig net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
Makefile net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
sch_api.c net_sched: add max len check for TCA_KIND 2019-10-05 13:09:28 +02:00
sch_atm.c net: sch: api: add extack support in qdisc_create_dflt 2017-12-21 12:32:51 -05:00
sch_blackhole.c net_sched: blackhole: tell upper qdisc about dropped packets 2018-06-17 08:42:33 +09:00
sch_cake.c sch_cake: avoid possible divide by zero in cake_enqueue() 2020-01-12 12:17:26 +01:00
sch_cbq.c sch_cbq: validate TCA_CBQ_WRROPT to avoid crash 2019-10-07 18:57:26 +02:00
sch_cbs.c net: sched: cbs: Avoid division by zero when calculating the port rate 2020-01-27 14:51:16 +01:00
sch_choke.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_codel.c net: sched: Fix a possible null-pointer dereference in dequeue_func() 2019-08-09 17:52:32 +02:00
sch_drr.c net: sch: sch_drr: add extack support 2017-12-21 12:32:51 -05:00
sch_dsmark.c sch_dsmark: fix potential NULL deref in dsmark_init() 2019-10-07 18:57:23 +02:00
sch_etf.c net/sched: Make etf report drops on error_queue 2018-07-04 22:30:28 +09:00
sch_fifo.c net: sch: api: add extack support in qdisc_create_dflt 2017-12-21 12:32:51 -05:00
sch_fq.c pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM 2020-01-12 12:17:26 +01:00
sch_fq_codel.c net_sched: unset TCQ_F_CAN_BYPASS when adding filters 2019-07-28 08:29:27 +02:00
sch_generic.c net: sched: avoid writing on noop_qdisc 2019-11-24 08:21:02 +01:00
sch_gred.c net: sched: gred: pass the right attribute to gred_change_table_def() 2018-11-04 14:50:51 +01:00
sch_hfsc.c net_sched: remove a bogus warning in hfsc 2018-06-23 10:58:46 +09:00
sch_hhf.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_htb.c net_sched: remove unused htb drop_list 2018-06-24 16:42:46 +09:00
sch_ingress.c net: sched: allow ingress and clsact qdiscs to share filter blocks 2018-01-17 14:53:57 -05:00
sch_mq.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-21 10:57:12 +01:00
sch_mqprio.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-21 10:57:12 +01:00
sch_multiq.c net: sched: fix tc -s class show no bstats on class with nolock subqueues 2019-12-05 09:21:32 +01:00
sch_netem.c net: netem: correct the parent's backlog when corrupted packet was dropped 2020-01-27 14:51:19 +01:00
sch_pie.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_plug.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_prio.c net: sch_prio: When ungrafting, replace with FIFO 2020-01-12 12:17:29 +01:00
sch_qfq.c net: sch: api: add extack support in qdisc_create_dflt 2017-12-21 12:32:51 -05:00
sch_red.c net: sched: red: avoid hashing NULL child 2018-05-18 13:52:32 -04:00
sch_sfb.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_sfq.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_skbprio.c net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
sch_tbf.c net: sched: red: avoid hashing NULL child 2018-05-18 13:52:32 -04:00
sch_teql.c net: sched: sch: add extack for init callback 2017-12-21 12:32:50 -05:00