From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: Linux Netdev List <netdev@vger.kernel.org>,
Thomas Graf <tgraf@suug.ch>, jamal <hadi@cyberus.ca>
Subject: [NET_SCHED]: cls_fw: fix NULL pointer dereference
Date: Mon, 04 Dec 2006 16:34:46 +0100
Message-ID: <45744016.8080707@trash.net>
[-- Attachment #1: Type: text/plain, Size: 192 bytes --]
Fix a regression from my nfmark mask patch for cls_fw.
Thomas, Jamal, do you have an idea what this "old method" stuff
is used for? It seems it is only used during the below mentioned
race.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1313 bytes --]
[NET_SCHED]: cls_fw: fix NULL pointer dereference
When the first fw classifier is initialized, there is a small window
between the ->init() and ->change() calls, during which the classifier
is active but not entirely set up and tp->root is still NULL (->init()
does nothing).
When a packet is queued during this window a NULL pointer dereference
occurs in fw_classify() when trying to dereference head->mask.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 07aac6f7b7e43bc1bb960b2f41a02e81d4e25ead
tree 523108861c92ec7e513fbc8561a57b5e1c56c1eb
parent d916faace3efc0bf19fe9a615a1ab8fa1a24cd93
author Patrick McHardy <kaber@trash.net> Mon, 04 Dec 2006 16:29:07 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 04 Dec 2006 16:29:07 +0100
net/sched/cls_fw.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c
index f59a2c4..c797d6a 100644
--- a/net/sched/cls_fw.c
+++ b/net/sched/cls_fw.c
@@ -101,9 +101,10 @@ static int fw_classify(struct sk_buff *s
struct fw_head *head = (struct fw_head*)tp->root;
struct fw_filter *f;
int r;
- u32 id = skb->mark & head->mask;
+ u32 id = skb->mark;
if (head != NULL) {
+ id &= head->mask;
for (f=head->ht[fw_hash(id)]; f; f=f->next) {
if (f->id == id) {
*res = f->res;
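Review bot: with `u32 id = skb->mark;` the mask is now applied only inside `if (head != NULL)`, so on the head == NULL path whatever follows that block (not visible in this hunk) sees the full, unmasked mark. The commit message explains the NULL dereference but does not say whether the unmasked value is what that path should use, so please state it there. It would also help to put a short comment above `if (head != NULL)` noting that tp->root is still NULL between ->init() and ->change(), since the check otherwise looks redundant to a later reader and is easy to remove again. The cover note's open question about the "old method" belongs in that same comment once it is answered.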