Patch "net_sched: prevent NULL dereference if default qdisc setup failed" has been added to the 5.4-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    net_sched: prevent NULL dereference if default qdisc setup failed

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From ptyadav@amazon.de  Tue Apr 11 15:12:32 2023
From: Pratyush Yadav <ptyadav@amazon.de>
Date: Tue, 11 Apr 2023 15:02:10 +0200
Subject: net_sched: prevent NULL dereference if default qdisc setup failed
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Pratyush Yadav <ptyadav@amazon.de>, <stable@vger.kernel.org>, <patches@lists.linux.dev>, Eric Dumazet <edumazet@google.com>, Vlad Buslov <vladbu@mellanox.com>, syzbot <syzkaller@googlegroups.com>, Jamal Hadi Salim <jhs@mojatatu.com>, Cong Wang <xiyou.wangcong@gmail.com>, Jiri Pirko <jiri@resnulli.us>, "David S. Miller" <davem@davemloft.net>, Zubin Mithra <zsm@google.com>, Norbert Manthey <nmanthey@amazon.de>
Message-ID: <20230411130210.113555-1-ptyadav@amazon.de>

From: Pratyush Yadav <ptyadav@amazon.de>

If qdisc_create_dflt() fails, it returns NULL. With CONFIG_NET_SCHED
enabled, the check qdisc != &noop_qdisc passes and qdisc will be passed
to qdisc_hash_add(), which dereferences it.

This assignment was present in the upstream commit 5891cd5ec46c2
("net_sched: add __rcu annotation to netdev->qdisc") but was missed in
the backport 22d95b5449249 ("net_sched: add __rcu annotation to
netdev->qdisc"), perhaps due to merge conflicts.  dev->qdisc is
&noop_qdisc by default and if qdisc_create_dflt() fails, this assignment
will make sure qdisc == &noop_qdisc and no NULL dereference will take
place.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: 22d95b5449249 ("net_sched: add __rcu annotation to netdev->qdisc")
Signed-off-by: Pratyush Yadav <ptyadav@amazon.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/sched/sch_generic.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -1116,6 +1116,7 @@ static void attach_default_qdiscs(struct
 			qdisc->ops->attach(qdisc);
 		}
 	}
+	qdisc = rtnl_dereference(dev->qdisc);
 
 #ifdef CONFIG_NET_SCHED
 	if (qdisc != &noop_qdisc)


Patches currently in stable-queue which might be from ptyadav@amazon.de are

queue-5.4/net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
queue-5.4/smb3-fix-problem-with-null-cifs-super-block-with-previous-patch.patch