From: George Kennedy <george.kennedy@oracle.com>
To: gregkh@linuxfoundation.org
Cc: george.kennedy@oracle.com, xiyou.wangcong@gmail.com,
jhs@mojatatu.com, jiri@resnulli.us, stable@vger.kernel.org,
dhaval.giani@oracle.com, dan.carpenter@oracle.com,
netdev@vger.kernel.org
Subject: [PATCH 5.4.y 1/1] net_sched: check error pointer in tcf_dump_walker()
Date: Thu, 29 Jul 2021 10:57:34 -0500 [thread overview]
Message-ID: <1627574254-23665-2-git-send-email-george.kennedy@oracle.com> (raw)
In-Reply-To: <1627574254-23665-1-git-send-email-george.kennedy@oracle.com>
From: Cong Wang <xiyou.wangcong@gmail.com>
Although we take RTNL on dump path, it is possible to
skip RTNL on insertion path. So the following race condition
is possible:
rtnl_lock() // no rtnl lock
mutex_lock(&idrinfo->lock);
// insert ERR_PTR(-EBUSY)
mutex_unlock(&idrinfo->lock);
tc_dump_action()
rtnl_unlock()
So we have to skip those temporary -EBUSY entries on dump path
too.
Reported-and-tested-by: syzbot+b47bc4f247856fb4d9e1@syzkaller.appspotmail.com
Fixes: 0fedc63fadf0 ("net_sched: commit action insertions together")
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 580e4273d7a883ececfefa692c1f96bdbacb99b5)
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
---
net/sched/act_api.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 17e5cd9..75132d0 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -231,6 +231,8 @@ static int tcf_dump_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
index++;
if (index < s_i)
continue;
+ if (IS_ERR(p))
+ continue;
if (jiffy_since &&
time_after(jiffy_since,
--
1.8.3.1
next prev parent reply other threads:[~2021-07-29 15:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-29 15:57 [PATCH 5.4.y 0/0] Missing commit 580e4273 causing: general protection fault in tcf_generic_walker George Kennedy
2021-07-29 15:57 ` George Kennedy [this message]
2021-07-29 16:49 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1627574254-23665-2-git-send-email-george.kennedy@oracle.com \
--to=george.kennedy@oracle.com \
--cc=dan.carpenter@oracle.com \
--cc=dhaval.giani@oracle.com \
--cc=gregkh@linuxfoundation.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.