alistair23-linux/net
Matteo Croce 25426043ec cls_matchall: avoid panic when receiving a packet before filter set
When a matchall classifier is added, there is a small time interval in
which tp->root is NULL. If we receive a packet in this small time slice
a NULL pointer dereference will happen, leading to a kernel panic:

    # tc qdisc replace dev eth0 ingress
    # tc filter add dev eth0 parent ffff: matchall action gact drop
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000034
    Mem abort info:
      ESR = 0x96000005
      Exception class = DABT (current EL), IL = 32 bits
      SET = 0, FnV = 0
      EA = 0, S1PTW = 0
    Data abort info:
      ISV = 0, ISS = 0x00000005
      CM = 0, WnR = 0
    user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000a623d530
    [0000000000000034] pgd=0000000000000000, pud=0000000000000000
    Internal error: Oops: 96000005 [#1] SMP
    Modules linked in: cls_matchall sch_ingress nls_iso8859_1 nls_cp437 vfat fat m25p80 spi_nor mtd xhci_plat_hcd xhci_hcd phy_generic sfp mdio_i2c usbcore i2c_mv64xxx marvell10g mvpp2 usb_common spi_orion mvmdio i2c_core sbsa_gwdt phylink ip_tables x_tables autofs4
    Process ksoftirqd/0 (pid: 9, stack limit = 0x0000000009de7d62)
    CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.1.0-rc6 #21
    Hardware name: Marvell 8040 MACCHIATOBin Double-shot (DT)
    pstate: 40000005 (nZcv daif -PAN -UAO)
    pc : mall_classify+0x28/0x78 [cls_matchall]
    lr : tcf_classify+0x78/0x138
    sp : ffffff80109db9d0
    x29: ffffff80109db9d0 x28: ffffffc426058800
    x27: 0000000000000000 x26: ffffffc425b0dd00
    x25: 0000000020000000 x24: 0000000000000000
    x23: ffffff80109dbac0 x22: 0000000000000001
    x21: ffffffc428ab5100 x20: ffffffc425b0dd00
    x19: ffffff80109dbac0 x18: 0000000000000000
    x17: 0000000000000000 x16: 0000000000000000
    x15: 0000000000000000 x14: 0000000000000000
    x13: ffffffbf108ad288 x12: dead000000000200
    x11: 00000000f0000000 x10: 0000000000000001
    x9 : ffffffbf1089a220 x8 : 0000000000000001
    x7 : ffffffbebffaa950 x6 : 0000000000000000
    x5 : 000000442d6ba000 x4 : 0000000000000000
    x3 : ffffff8008735ad8 x2 : ffffff80109dbac0
    x1 : ffffffc425b0dd00 x0 : ffffff8010592078
    Call trace:
     mall_classify+0x28/0x78 [cls_matchall]
     tcf_classify+0x78/0x138
     __netif_receive_skb_core+0x29c/0xa20
     __netif_receive_skb_one_core+0x34/0x60
     __netif_receive_skb+0x28/0x78
     netif_receive_skb_internal+0x2c/0xc0
     napi_gro_receive+0x1a0/0x1d8
     mvpp2_poll+0x928/0xb18 [mvpp2]
     net_rx_action+0x108/0x378
     __do_softirq+0x128/0x320
     run_ksoftirqd+0x44/0x60
     smpboot_thread_fn+0x168/0x1b0
     kthread+0x12c/0x130
     ret_from_fork+0x10/0x1c
    Code: aa0203f3 aa1e03e0 d503201f f9400684 (b9403480)
    ---[ end trace fc71e2ef7b8ab5a5 ]---
    Kernel panic - not syncing: Fatal exception in interrupt
    SMP: stopping secondary CPUs
    Kernel Offset: disabled
    CPU features: 0x002,00002000
    Memory Limit: none
    Rebooting in 1 seconds..

Fix this by adding a NULL check in mall_classify().

Fixes: ed76f5edcc ("net: sched: protect filter_chain list with filter_chain_lock mutex")
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-05-04 00:57:48 -04:00
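A user-space model of the window the commit message describes and of the NULL check that closes it, added here as an illustration; it is not the kernel patch or code from the original page. `struct proto`, `struct mall_head`, `MODEL_SKIP_SW` and the C11 atomics are simplified stand-ins (assumptions) for the kernel's types and RCU accessors.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_SKIP_SW 0x1u  /* constructed flag value, not the kernel's */

struct mall_head { unsigned int handle, flags; int classid; };

/* Stand-in for struct tcf_proto: root stays NULL until the filter is set. */
struct proto { _Atomic(struct mall_head *) root; };

/* Control path, step 1: classifier is reachable by the datapath, root unset. */
static void proto_attach(struct proto *tp) { atomic_init(&tp->root, NULL); }

/* Control path, step 2 (later): the configured head is published. */
static void proto_publish(struct proto *tp, struct mall_head *h)
{
    atomic_store_explicit(&tp->root, h, memory_order_release);
}

/* Datapath: classid on match, -1 for "no match, continue with next filter". */
static int classify(struct proto *tp)
{
    struct mall_head *head =
        atomic_load_explicit(&tp->root, memory_order_acquire);

    if (!head)                        /* packet arrived inside the window */
        return -1;
    if (head->flags & MODEL_SKIP_SW)  /* without the check above, this read */
        return -1;                    /* dereferences NULL at a small offset */
    return head->classid;
}

static struct mall_head sample = { .handle = 1, .flags = 0, .classid = 7 };

/* Packet received after attach but before publish. */
static int classify_in_window(void)
{
    struct proto tp;
    proto_attach(&tp);
    return classify(&tp);
}

/* Packet received once the head has been published. */
static int classify_after_publish(void)
{
    struct proto tp;
    proto_attach(&tp);
    proto_publish(&tp, &sample);
    return classify(&tp);
}

int main(void)
{
    printf("in window: %d\n", classify_in_window());
    printf("after publish: %d\n", classify_after_publish());
    return 0;
}
```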
6lowpan
9p
802
8021q vlan: conditional inclusion of FCoE hooks to match netdevice.h and bnx2x 2019-04-04 17:18:34 -07:00
appletalk appletalk: Set error code if register_snap_client failed 2019-04-30 11:09:28 -04:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-16 21:01:45 -07:00
ax25
batman-adv
bluetooth Bluetooth: Check address length before reading address field 2019-04-12 10:25:03 -07:00
bpf
bpfilter
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-04-22 21:23:55 -07:00
caif
can
ceph
core neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit 2019-05-04 00:38:53 -04:00
dcb
dccp dccp: Fix memleak in __feat_register_sp 2019-04-01 18:15:10 -07:00
decnet
dns_resolver
dsa net: dsa: Implement flow_dissect callback for tag_qca 2019-03-28 16:57:19 -07:00
ethernet
hsr
ieee802154
ife
ipv4 udp: fix GRO packet of death 2019-05-01 22:29:56 -04:00
ipv6 ipv6: A few fixes on dereferencing rt->from 2019-05-01 17:17:54 -04:00
iucv
kcm kcm: switch order of device registration to fix a crash 2019-04-01 14:59:20 -07:00
key
l2tp l2ip: fix possible use-after-free 2019-04-30 11:35:48 -04:00
l3mdev
lapb
llc llc: Check address length before reading address field 2019-04-12 10:25:03 -07:00
mac80211 mac80211: don't attempt to rename ERR_PTR() debugfs dirs 2019-04-23 13:47:05 +02:00
mac802154
mpls
ncsi net/ncsi: handle overflow when incrementing mac address 2019-04-23 21:15:15 -07:00
netfilter netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-04-22 10:38:50 +02:00
netlabel
netlink genetlink: use idr_alloc_cyclic for family->id assignment 2019-04-26 11:59:58 -04:00
netrom net: netrom: Fix error cleanup path of nr_proto_init 2019-04-11 13:59:49 -07:00
nfc NFC: nci: Add some bounds checking in nci_hci_cmd_received() 2019-04-06 15:05:07 -07:00
nsh
openvswitch openvswitch: fix flow actions reallocation 2019-03-28 17:15:44 -07:00
packet packet: validate msg_namelen in send directly 2019-05-01 11:28:35 -04:00
phonet
psample
qrtr
rds rds: ib: force endiannes annotation 2019-05-01 17:15:36 -04:00
rfkill
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-04-24 14:39:26 -07:00
rxrpc rxrpc: Fix net namespace cleanup 2019-04-30 10:50:50 -04:00
sched cls_matchall: avoid panic when receiving a packet before filter set 2019-05-04 00:57:48 -04:00
sctp sctp: avoid running the sctp state machine recursively 2019-05-01 09:18:57 -04:00
smc net/smc: move unhash before release of clcsock 2019-04-11 11:04:08 -07:00
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-04-10 13:07:02 -07:00
sunrpc Fix miscellaneous nfsd bugs, in NFSv4.1 callbacks, NFSv4.1 2019-04-23 13:40:55 -07:00
switchdev
tipc tipc: set sysctl_tipc_rmem and named_timeout right range 2019-04-16 21:32:02 -07:00
tls net/tls: avoid NULL pointer deref on nskb->sk in fallback 2019-05-01 11:37:56 -04:00
unix
vmw_vsock
wimax
wireless cfg80211: Notify previous user request during self managed wiphy registration 2019-04-23 13:45:30 +02:00
x25
xdp
xfrm
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c