From: David Miller
Date: Wed, 27 Feb 2019 21:36:25 -0800 (PST)
To: vladbu@mellanox.com
Cc: netdev@vger.kernel.org, dcaratti@redhat.com, jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us, wenxu@ucloud.cn, roid@mellanox.com
Subject: Re: [PATCH net-next v2] net: sched: act_tunnel_key: fix metadata handling
Message-Id: <20190227.213625.273284316654251760.davem@davemloft.net>
In-Reply-To: <20190225153014.8885-1-vladbu@mellanox.com>
References: <4bde1d403d4ba9b51cf18bbaac1d46147011b959.camel@redhat.com> <20190225153014.8885-1-vladbu@mellanox.com>

From: Vlad Buslov
Date: Mon, 25 Feb 2019 17:30:14 +0200

> Tunnel key action params->tcft_enc_metadata is only set when action is
> TCA_TUNNEL_KEY_ACT_SET. However, metadata pointer is incorrectly
> dereferenced during tunnel key init and release without verifying that
> action is of correct type, which causes NULL pointer dereference. Metadata
> tunnel dst_cache is also leaked on action overwrite.
>
> Fix metadata handling:
> - Verify that metadata pointer is not NULL before dereferencing it in
> tunnel_key_init error handling code.
> - Move dst_cache destroy code into tunnel_key_release_params() function
> that is called in both action overwrite and release cases (fixes resource
> leak) and verifies that action has correct type before dereferencing
> metadata pointer (fixes NULL pointer dereference).
>
> Oops with KASAN enabled during tdc tests execution:
 ...
> Fixes: 41411e2fd6b8 ("net/sched: act_tunnel_key: Add dst_cache support")
> Signed-off-by: Vlad Buslov
> ---
> Changes from V1 to V2:
> - Extract metadata->dst error handler fix into standalone patch that targets
> net.

Applied, thanks Vlad.
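
The pattern the commit message describes, as an added userspace illustration (not the kernel patch and not code from this thread): one release helper checks the action type before touching the metadata pointer and is shared by the overwrite and release paths. All names here (ACT_SET, ACT_OTHER, struct params, live_caches) are hypothetical stand-ins for the kernel structures.

```c
#include <stdlib.h>

/* Hypothetical userspace model; none of these names are kernel identifiers. */
enum { ACT_SET = 1, ACT_OTHER = 2 };     /* ACT_SET models TCA_TUNNEL_KEY_ACT_SET */
struct metadata { int *dst_cache; };     /* models the metadata and its dst_cache */
struct params { int action; struct metadata *enc_metadata; }; /* NULL unless ACT_SET */

static int live_caches;                  /* counts caches not yet destroyed */

static struct params *params_new(int action)
{
    struct params *p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    p->action = action;
    if (action != ACT_SET)
        return p;                        /* metadata pointer stays NULL */
    p->enc_metadata = calloc(1, sizeof(*p->enc_metadata));
    if (p->enc_metadata)
        p->enc_metadata->dst_cache = malloc(sizeof(int));
    if (!p->enc_metadata || !p->enc_metadata->dst_cache) {
        free(p->enc_metadata);           /* error path: NULL-safe cleanup */
        free(p);
        return NULL;
    }
    live_caches++;
    return p;
}

/* Single release helper: verify the action type before dereferencing. */
static void params_release(struct params *p)
{
    if (!p)
        return;
    if (p->action == ACT_SET) {
        free(p->enc_metadata->dst_cache);
        live_caches--;
        free(p->enc_metadata);
    }
    free(p);
}

/* Overwrite goes through the same helper, so the old cache is not leaked. */
static void action_overwrite(struct params **slot, struct params *new_p)
{
    struct params *old = *slot;
    *slot = new_p;
    params_release(old);
}
```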