* [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
@ 2017-11-28 13:28 Paolo Abeni
2017-11-28 17:50 ` Cong Wang
2017-11-28 20:54 ` David Miller
0 siblings, 2 replies; 4+ messages in thread
From: Paolo Abeni @ 2017-11-28 13:28 UTC (permalink / raw)
To: netdev
Cc: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller, Kees Cook
While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
("net: sched: Convert timers to use timer_setup()") forgot to
initialize the 'sch' field. As a result, the timer callback tries to
dereference a NULL pointer, and the kernel does oops.
Fix it initializing such field at qdisc creation time.
Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
net/sched/sch_sfq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 890f4a4564e7..09c1203c1711 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -724,6 +724,7 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
int i;
int err;
+ q->sch = sch;
timer_setup(&q->perturb_timer, sfq_perturbation, TIMER_DEFERRABLE);
err = tcf_block_get(&q->block, &q->filter_list, sch);
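Review bot: The added `q->sch = sch;` at the top of sfq_init() carries no comment explaining that the timer callback depends on it, which is how the assignment was dropped in the conversion named in the Fixes tag. The callback registered on the next line, sfq_perturbation(), is only handed the timer, so it has to find the Qdisc through this field. A one-line comment above the assignment saying that q->sch is the back-pointer used by sfq_perturbation() would keep a later refactor from removing it again. Placing the assignment before timer_setup() and before the tcf_block_get() call that can return an error is the right order. The commit message would also be easier to verify with the oops trace or the configuration that leads to the timer expiring.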
--
2.13.6
* Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
From: Cong Wang @ 2017-11-28 17:50 UTC (permalink / raw)
To: Paolo Abeni
Cc: Linux Kernel Network Developers, Jamal Hadi Salim, Jiri Pirko,
David S. Miller, Kees Cook
On Tue, Nov 28, 2017 at 5:28 AM, Paolo Abeni <pabeni@redhat.com> wrote:
> While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
> ("net: sched: Convert timers to use timer_setup()") forgot to
> initialize the 'sch' field. As a result, the timer callback tries to
> dereference a NULL pointer, and the kernel does oops.
>
> Fix it initializing such field at qdisc creation time.
>
> Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
* Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
From: Kees Cook @ 2017-11-28 20:16 UTC (permalink / raw)
To: David S. Miller
Cc: Paolo Abeni, Linux Kernel Network Developers, Jamal Hadi Salim,
Jiri Pirko, Cong Wang
On Tue, Nov 28, 2017 at 9:50 AM, Cong Wang <xiyou.wangcong@gmail.com> wrote:
> On Tue, Nov 28, 2017 at 5:28 AM, Paolo Abeni <pabeni@redhat.com> wrote:
>> While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
>> ("net: sched: Convert timers to use timer_setup()") forgot to
>> initialize the 'sch' field. As a result, the timer callback tries to
>> dereference a NULL pointer, and the kernel does oops.
>>
>> Fix it initializing such field at qdisc creation time.
>>
>> Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>
> Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Thanks for the catch! Yup, this was a goof on my end (all other timers
correctly initialize that value, but the one in sfq_init() got
missed). Thanks!
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
--
Kees Cook
Pixel Security
* Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
From: David Miller @ 2017-11-28 20:54 UTC (permalink / raw)
To: pabeni; +Cc: netdev, jhs, xiyou.wangcong, jiri, keescook
From: Paolo Abeni <pabeni@redhat.com>
Date: Tue, 28 Nov 2017 14:28:39 +0100
> While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
> ("net: sched: Convert timers to use timer_setup()") forgot to
> initialize the 'sch' field. As a result, the timer callback tries to
> dereference a NULL pointer, and the kernel does oops.
>
> Fix it initializing such field at qdisc creation time.
>
> Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Applied, thank you.