* [patch net 0/2] net: sched: couple of fixes on ingress/clsact init error path
@ 2017-12-15 11:40 Jiri Pirko
2017-12-15 11:40 ` [patch net 1/2] net: sched: fix clsact " Jiri Pirko
2017-12-15 11:40 ` [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error Jiri Pirko
0 siblings, 2 replies; 7+ messages in thread
From: Jiri Pirko @ 2017-12-15 11:40 UTC (permalink / raw)
To: netdev; +Cc: davem, jhs, xiyou.wangcong, mlxsw, daniel
From: Jiri Pirko <jiri@mellanox.com>
Jiri Pirko (2):
net: sched: fix clsact init error path
net: sched: fix static key imbalance in case of ingress/clsact_init
error
net/sched/cls_api.c | 4 ++--
net/sched/sch_ingress.c | 15 ++++++---------
2 files changed, 8 insertions(+), 11 deletions(-)
--
2.9.5
^ permalink raw reply [flat|nested] 7+ messages in thread* [patch net 1/2] net: sched: fix clsact init error path 2017-12-15 11:40 [patch net 0/2] net: sched: couple of fixes on ingress/clsact init error path Jiri Pirko @ 2017-12-15 11:40 ` Jiri Pirko 2017-12-15 19:17 ` Cong Wang 2017-12-15 20:44 ` David Miller 2017-12-15 11:40 ` [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error Jiri Pirko 1 sibling, 2 replies; 7+ messages in thread From: Jiri Pirko @ 2017-12-15 11:40 UTC (permalink / raw) To: netdev; +Cc: davem, jhs, xiyou.wangcong, mlxsw, daniel From: Jiri Pirko <jiri@mellanox.com> Since in qdisc_create, the destroy op is called when init fails, we don't do cleanup in init and leave it up to destroy. This fixes use-after-free when trying to put already freed block. Fixes: 6e40cf2d4dee ("net: sched: use extended variants of block_get/put in ingress and clsact qdiscs") Signed-off-by: Jiri Pirko <jiri@mellanox.com> --- net/sched/cls_api.c | 4 ++-- net/sched/sch_ingress.c | 6 +----- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index f40256a..b91ea03 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -351,6 +351,8 @@ void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q, { struct tcf_chain *chain; + if (!block) + return; /* Hold a refcnt for all chains, except 0, so that they don't disappear * while we are iterating. */ @@ -377,8 +379,6 @@ void tcf_block_put(struct tcf_block *block) { struct tcf_block_ext_info ei = {0, }; - if (!block) - return; tcf_block_put_ext(block, block->q, &ei); } diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 5ecc38f..5e1cd2e 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c @@ -190,7 +190,7 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt) err = tcf_block_get_ext(&q->egress_block, sch, &q->egress_block_info); if (err) - goto err_egress_block_get; + return err; net_inc_ingress_queue(); net_inc_egress_queue(); @@ -198,10 +198,6 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt) sch->flags |= TCQ_F_CPUSTATS; return 0; - -err_egress_block_get: - tcf_block_put_ext(q->ingress_block, sch, &q->ingress_block_info); - return err; } static void clsact_destroy(struct Qdisc *sch) -- 2.9.5 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [patch net 1/2] net: sched: fix clsact init error path 2017-12-15 11:40 ` [patch net 1/2] net: sched: fix clsact " Jiri Pirko @ 2017-12-15 19:17 ` Cong Wang 2017-12-15 20:44 ` David Miller 1 sibling, 0 replies; 7+ messages in thread From: Cong Wang @ 2017-12-15 19:17 UTC (permalink / raw) To: Jiri Pirko Cc: Linux Kernel Network Developers, David Miller, Jamal Hadi Salim, mlxsw, Daniel Borkmann On Fri, Dec 15, 2017 at 3:40 AM, Jiri Pirko <jiri@resnulli.us> wrote: > From: Jiri Pirko <jiri@mellanox.com> > > Since in qdisc_create, the destroy op is called when init fails, we > don't do cleanup in init and leave it up to destroy. > This fixes use-after-free when trying to put already freed block. > > Fixes: 6e40cf2d4dee ("net: sched: use extended variants of block_get/put in ingress and clsact qdiscs") > Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch net 1/2] net: sched: fix clsact init error path 2017-12-15 11:40 ` [patch net 1/2] net: sched: fix clsact " Jiri Pirko 2017-12-15 19:17 ` Cong Wang @ 2017-12-15 20:44 ` David Miller 1 sibling, 0 replies; 7+ messages in thread From: David Miller @ 2017-12-15 20:44 UTC (permalink / raw) To: jiri; +Cc: netdev, jhs, xiyou.wangcong, mlxsw, daniel From: Jiri Pirko <jiri@resnulli.us> Date: Fri, 15 Dec 2017 12:40:12 +0100 > From: Jiri Pirko <jiri@mellanox.com> > > Since in qdisc_create, the destroy op is called when init fails, we > don't do cleanup in init and leave it up to destroy. > This fixes use-after-free when trying to put already freed block. > > Fixes: 6e40cf2d4dee ("net: sched: use extended variants of block_get/put in ingress and clsact qdiscs") > Signed-off-by: Jiri Pirko <jiri@mellanox.com> Applied. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error 2017-12-15 11:40 [patch net 0/2] net: sched: couple of fixes on ingress/clsact init error path Jiri Pirko 2017-12-15 11:40 ` [patch net 1/2] net: sched: fix clsact " Jiri Pirko @ 2017-12-15 11:40 ` Jiri Pirko 2017-12-15 19:18 ` Cong Wang 2017-12-15 20:44 ` David Miller 1 sibling, 2 replies; 7+ messages in thread From: Jiri Pirko @ 2017-12-15 11:40 UTC (permalink / raw) To: netdev; +Cc: davem, jhs, xiyou.wangcong, mlxsw, daniel From: Jiri Pirko <jiri@mellanox.com> Move static key increments to the beginning of the init function so they pair 1:1 with decrements in ingress/clsact_destroy, which is called in case ingress/clsact_init fails. Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") Signed-off-by: Jiri Pirko <jiri@mellanox.com> --- net/sched/sch_ingress.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 5e1cd2e..fc1286f 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c @@ -68,6 +68,8 @@ static int ingress_init(struct Qdisc *sch, struct nlattr *opt) struct net_device *dev = qdisc_dev(sch); int err; + net_inc_ingress_queue(); + mini_qdisc_pair_init(&q->miniqp, sch, &dev->miniq_ingress); q->block_info.binder_type = TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS; @@ -78,7 +80,6 @@ static int ingress_init(struct Qdisc *sch, struct nlattr *opt) if (err) return err; - net_inc_ingress_queue(); sch->flags |= TCQ_F_CPUSTATS; return 0; @@ -172,6 +173,9 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt) struct net_device *dev = qdisc_dev(sch); int err; + net_inc_ingress_queue(); + net_inc_egress_queue(); + mini_qdisc_pair_init(&q->miniqp_ingress, sch, &dev->miniq_ingress); q->ingress_block_info.binder_type = TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS; @@ -192,9 +196,6 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt) if (err) return err; - net_inc_ingress_queue(); - net_inc_egress_queue(); - sch->flags |= TCQ_F_CPUSTATS; return 0; -- 2.9.5 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error 2017-12-15 11:40 ` [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error Jiri Pirko @ 2017-12-15 19:18 ` Cong Wang 2017-12-15 20:44 ` David Miller 1 sibling, 0 replies; 7+ messages in thread From: Cong Wang @ 2017-12-15 19:18 UTC (permalink / raw) To: Jiri Pirko Cc: Linux Kernel Network Developers, David Miller, Jamal Hadi Salim, mlxsw, Daniel Borkmann On Fri, Dec 15, 2017 at 3:40 AM, Jiri Pirko <jiri@resnulli.us> wrote: > From: Jiri Pirko <jiri@mellanox.com> > > Move static key increments to the beginning of the init function > so they pair 1:1 with decrements in ingress/clsact_destroy, > which is called in case ingress/clsact_init fails. > > Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") > Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error 2017-12-15 11:40 ` [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error Jiri Pirko 2017-12-15 19:18 ` Cong Wang @ 2017-12-15 20:44 ` David Miller 1 sibling, 0 replies; 7+ messages in thread From: David Miller @ 2017-12-15 20:44 UTC (permalink / raw) To: jiri; +Cc: netdev, jhs, xiyou.wangcong, mlxsw, daniel From: Jiri Pirko <jiri@resnulli.us> Date: Fri, 15 Dec 2017 12:40:13 +0100 > From: Jiri Pirko <jiri@mellanox.com> > > Move static key increments to the beginning of the init function > so they pair 1:1 with decrements in ingress/clsact_destroy, > which is called in case ingress/clsact_init fails. > > Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") > Signed-off-by: Jiri Pirko <jiri@mellanox.com> Applied and queued up for -stable. ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-12-15 20:44 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-12-15 11:40 [patch net 0/2] net: sched: couple of fixes on ingress/clsact init error path Jiri Pirko 2017-12-15 11:40 ` [patch net 1/2] net: sched: fix clsact " Jiri Pirko 2017-12-15 19:17 ` Cong Wang 2017-12-15 20:44 ` David Miller 2017-12-15 11:40 ` [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error Jiri Pirko 2017-12-15 19:18 ` Cong Wang 2017-12-15 20:44 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox